What are two benefits of private IPv4 IP addresses? (Choose two.)
Correct Answer:
BC
🗳️
What are two benefits that the UDP protocol provide for application traffic? (Choose two.)
Correct Answer:
AE
🗳️
Which two goals reasons to implement private IPv4 addressing on your network? (Choose two.)
Correct Answer:
BD
🗳️
Which WAN access technology is preferred for a small office / home office architecture?
Correct Answer:
A
🗳️
Service providers provide Internet access using broadband services such as DSL, cable, and satellite access. Broadband connections are typically used to connect small offices and telecommuting employees to a corporate site over the Internet. Data traveling between corporate sites over the public WAN infrastructure should be protected using VPNs.
Which two WAN architecture options help a business scalability and reliability for the network? (Choose two.)
Correct Answer:
CE
🗳️
Reference:
https://www.cisco.com/c/dam/en/us/td/docs/nsite/wan_optimization/WANoptSolutionGd.pdf
What is the binary pattern of unique ipv6 unique local address?
Correct Answer:
B
🗳️
A IPv6 Unique Local Address is an IPv6 address in the block FC00::/7, which means that IPv6 Unique Local addresses begin with 7 bits with exact binary pattern as 1111 110 -> Answer B is correct.
Note: IPv6 Unique Local Address is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.
Which two options are the best reasons to use an IPV4 private IP space? (Choose two.)
Correct Answer:
AD
🗳️
Refer to the exhibit. When PC1 sends a packet to PC2, the packet has which source and destination IP address when it arrives at interface Gi0/0 on router R2?
Correct Answer:
C
🗳️
The source and destination IP addresses of the packets are unchanged on all the way. Only source and destination MAC addresses are changed.
What is the same for both copper and fiber interfaces when using SFP modules?
Correct Answer:
C
🗳️
What are two functions of a server on a network? (Choose two.)
Correct Answer:
AE
🗳️
Which function is performed by the collapsed core layer in a two-tier architecture?
Correct Answer:
A
🗳️
What is the primary function of a Layer 3 device?
Correct Answer:
D
🗳️
Which two functions are performed by the core layer in a three-tier architecture? (Choose two.)
Correct Answer:
AC
🗳️
Reference:
https://www.mcmcse.com/cisco/guides/hierarchical_model.shtml
What is a recommended approach to avoid co-channel congestion while installing access points that use the 2.4 GHz frequency?
Correct Answer:
A
🗳️
A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and updating software that is only used occasionally. Which cloud service model does the engineer recommend?
Correct Answer:
D
🗳️
What are two functions of a Layer 2 switch? (Choose two.)
Correct Answer:
CE
🗳️
DRAG DROP -
Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the right.
Select and Place:
Correct Answer:
An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be configured to allow clients to preferentially use
5GHz access points?
Correct Answer:
A
🗳️
Which networking function occurs on the data plane?
Correct Answer:
D
🗳️
Under which condition is TCP preferred over UDP?
Correct Answer:
C
🗳️

Refer to the exhibit. Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?
Correct Answer:
A
🗳️
The only indicator of any issues here is the reliability 166/255 on SiteA. When the input and output errors increase, they affect the reliability counter. This indicates how likely it is that a packet can be delivered or received successfully. Reliability is calculated like this: reliability = number of packets / number of total frames.
The value of 255 is the highest value meaning that the interface is very reliable at the moment. The calculation above is done every 5 minutes.
A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface. For the configuration to be applied, the engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued on the interface?
Correct Answer:
C
🗳️
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?
Correct Answer:
D
🗳️
What is a role of access points in an enterprise network?
Correct Answer:
C
🗳️
An implementer is preparing hardware for virtualization to create virtual machines on a host. What is needed to provide communication between hardware and virtual machines?
Correct Answer:
B
🗳️
How does a Cisco Unified Wireless Network respond to Wi-Fi channel overlap?
Correct Answer:
C
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/b_RRM_White_Paper/dca.html
In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.
Select and Place:
Correct Answer:
Which 802.11 frame type is indicated by a probe response after a client sends a probe request?
Correct Answer:
B
🗳️
What is the difference in data transmission delivery and reliability between TCP and UDP?
Correct Answer:
B
🗳️
UDP speeds up transmissions by enabling the transfer of data before an agreement is provided by the receiving party. As a result, UDP is beneficial in time- sensitive communications, including voice over IP (VoIP), domain name system (DNS) lookup, and video or audio playback.

Refer to the exhibit. When PC-A sends traffic to PC-B, which network component is in charge of receiving the packet from PC-A, verifying the IP addresses, and forwarding the packet to PC-B?
Correct Answer:
A
🗳️
What is the maximum bandwidth of a T1 point-to-point connection?
Correct Answer:
A
🗳️
What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two.)
Correct Answer:
BD
🗳️
What is a characteristic of cloud-based network topology?
Correct Answer:
D
🗳️
Which network action occurs within the data plane?
Correct Answer:
D
🗳️

Refer to the exhibit. R1 has just received a packet from host A that is destined to host B. Which route in the routing table is used by R1 to reach host B?
Correct Answer:
B
🗳️
Which two network actions occur within the data plane? (Choose two.)
Correct Answer:
CD
🗳️
What are network endpoints?
Correct Answer:
B
🗳️

Refer to the exhibit. The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the performance problem?
Correct Answer:
B
🗳️
Why was the RFC 1918 address space defined?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Select and Place:
Correct Answer:
Reference:
https://learningnetwork.cisco.com/s/question/0D53i00000Kt6kl/ipv6-unique-local-addresses
Which type of organization should use a collapsed-core architecture?
Correct Answer:
A
🗳️
It is ideal for small companies: The collapsed core model is a reduced version of the three-tier model. The deduction was made to create a network for small and medium-sized campuses. Therefore, smaller institutions can get the advantage of using a collapsed core network while still gaining the same benefits they would if they were using a three-tier model. Small organizations often cannot afford the hardware and human resources to run the network can benefit greatly with less oversight necessary.
And reduces cost: In a traditional three-tier campus network, the core layer is typically a complex and expensive piece of hardware. This layer is eliminated with collapsed core architecture, reducing both cost and complexity.
A network administrator is setting up a new IPv6 network using the 64-bit address 2001:0EB8:00C1:2200:0001:0000:0000:0331/64. To simplify the configuration, the administrator has decided to compress the address. Which IP address must the administrator configure?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Select and Place:
Correct Answer:
What is an appropriate use for private IPv4 addressing?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0/1 interface for the router to assign a unique 64-bit IPv6 address to itself?
Correct Answer:
B
🗳️
What is a similarity between 1000BASE-LX and 1000BASE-T standards?
Correct Answer:
A
🗳️

Refer to the exhibit. The given Windows PC is requesting the IP address of the host at www.cisco.com. To which IP address is the request sent?
Correct Answer:
A
🗳️
Which function forwards frames to ports that have a matching destination MAC address?
Correct Answer:
D
🗳️
Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the same network at the same time?
Correct Answer:
C
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
C
🗳️
What is a function of an endpoint on a network?
Correct Answer:
C
🗳️
An endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include:
✑ Desktops
✑ Laptops
✑ Smartphones
✑ Tablets
✑ Servers
✑ Workstations
Internet-of-things (IoT) devices
What is the function of a controller in controller-based networking?
Correct Answer:
A
🗳️

Refer to the exhibit. Each router must be configured with the last usable IP address in the subnet. Which configuration fulfills this requirement?
Correct Answer:
D
🗳️
How do TCP and UDP fit into a query-responsible model?
Correct Answer:
B
🗳️
What provides centralized control of authentication and roaming in an enterprise network?
Correct Answer:
B
🗳️
Which set of 2 4 GHz nonoverlapping wireless channels is standard in the United States?
Correct Answer:
D
🗳️
A network engineer is installing an IPv6-only capable device. The client has requested that the device IP address be reachable only from the internal network.
Which type of IPv6 address must the engineer assign?
Correct Answer:
C
🗳️
What is a requirement for nonoverlapping Wi-Fi channels?
Correct Answer:
B
🗳️
A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration must the engineer apply?
Correct Answer:
D
🗳️
What are two characteristics of an SSID? (Choose two.)
Correct Answer:
CD
🗳️
When a switch receives a frame for a known destination MAC address, how is the frame handled?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the IPv6 address details from the left onto the corresponding types on the right.
Select and Place:
Correct Answer:
What is the collapsed layer in collapsed core architectures?
Correct Answer:
A
🗳️
What is a characteristic of a SOHO network?
Correct Answer:
C
🗳️
What is the role of disaggregation in controller-based networking?
Correct Answer:
A
🗳️
What is a function performed by a web server?
Correct Answer:
D
🗳️

Refer to the exhibit. Site A was recently connected to site B over a new single-mode fiber path. Users at site A report intermittent connectivity issues with applications hosted at site B. What is the reason for the problem?
Correct Answer:
D
🗳️
Which protocol uses the SSL?
Correct Answer:
B
🗳️
Why is UDP more suitable than TCP for applications that require low latency such as VoIP?
Correct Answer:
D
🗳️
What are the two functions of SSIDs? (Choose two.)
Correct Answer:
AD
🗳️
The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. The SSID can consist of up to 32 alphanumeric, case-sensitive, characters. Wireless clients connect using the SSID for secure communications. The SSID is a unique token that identifies an
802.11 wireless network. It is used by wireless devices to identify a network and to establish and maintain wireless connectivity. An SSID must be configured and assigned to a wireless client device interface before the device can associate with an access point.
Which two characteristics describe the access layer in a three-tier network architecture? (Choose two.)
Correct Answer:
BD
🗳️
The Access Layer is the one closer to the users. In fact, at this layer, we find the users themselves and the access-layer switches. The main purpose of this layer is to physically connect users to the network. In other words, there is just a cable between end-user PCs, printers, and wireless access points and access-layer switches.
Which PoE mode enables powered-devices detection and guarantees power when the device detected?
Correct Answer:
A
🗳️

Refer to the exhibit. The router has been configured with a super net to accommodate the requirements for 380 users on a Subnet. The requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?
Correct Answer:
D
🗳️

Refer to the exhibit. Configurations for the switch and PCs are complete. Which configuration must be applied so that VLANs 2 and 3 communicate back and forth?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the IPv6 address type characteristics from the left to the right.
Select and Place:
Correct Answer:
DRAG DROP -
Refer to the exhibit. The IP address configurations must be completed on the DC-1 and HQ-1 routers based on these requirements:
✑ DC-1 Gi1/0 must be the last usable address on a /30
✑ DC-1 Gi1/1 must be the first usable address on a /29
✑ DC-1 Gi1/2 must be the last usable address on a /28
✑ HQ-1 Gi1/3 must be the last usable address on a /29
Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are used.
Select and Place:
Correct Answer:
How is RFC 1918 addressing used in a network?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the IPv6 address types from the left onto their descriptions on the right.
Select and Place:
Correct Answer:

Refer to the exhibit. What is a reason for poor performance on the network interface?
Correct Answer:
C
🗳️
Here we see a large number of input errors and CRC errors.
DRAG DROP -
Drag and drop the IPv6 address descriptions from the left onto the IPv6 address types on the right. Not all options are used.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Select and Place:
Correct Answer:
Which WAN topology has the highest degree of reliability?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the IPv6 address type characteristics from the left to the right.
Select and Place:
Correct Answer:
What causes a port to be placed in the err-disabled state?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the characteristics of transport layer protocols from the left onto the corresponding protocols on the right.
Select and Place:
Correct Answer:
A network engineer must configure an interface with IP address 10.10.10.145 and a subnet mask equivalent to 11111111.11111111.11111111.11111000. Which subnet mask must the engineer use?
Correct Answer:
A
🗳️

Refer to the exhibit. The switches are connected via a Cat5 Ethernet cable that is tested successfully. The interfaces are configured as access ports and are both in a down status. What is the cause of the issue?
Correct Answer:
A
🗳️
Which two IP addressing schemes provide internet access to users on the network while preserving the public IPv4 address space? (Choose two.)
Correct Answer:
AB
🗳️
PAT with private internal addressing is the usual method of allowing Internet access while preserving IPv4 addresses. Another alternative is using IPV6, which will allow internet access without using any IPv4 addresses. The other answer choices will consume a great deal of public IPV4 addresses, or will not allow for internet access.
The address block 192.168.32.0/24 must be subnetted into smaller networks. The engineer must meet these requirements:
✑ Create 8 new subnets.
✑ Each subnet must accommodate 30 hosts.
✑ Interface VLAN 10 must use the last usable IP in the first new subnet.
✑ A Layer 3 interface is used.
Which configuration must be applied to the interface?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.
Select and Place:
Correct Answer:
What are two reasons to deploy private addressing on a network? (Choose two.)
Correct Answer:
AC
🗳️
DRAG DROP -
Drag and drop the IPv6 DNS record types from the left onto the description on the right.
Select and Place:
Correct Answer:
Which property is shared by 10GBase-SR and 10GBase-LR interfaces?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Select and Place:
Correct Answer:
Which device permits or denies network traffic based on a set of rules?
Correct Answer:
B
🗳️
What is the role of a firewall in an enterprise network?
Correct Answer:
A
🗳️
DRAG DROP -
Refer to the exhibit.
An engineer is tasked with verifying network configuration parameters on a client workstation to report back to the team lead. Drag and drop the node identifiers from the left onto the network parameters on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the DNS lookup components from the left onto the functions on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.
Select and Place:
Correct Answer:

Refer to the exhibit. An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts and anticipates no more than 10% growth for new hosts. Which configuration script must be used?
A.
B.
C.
D.
Correct Answer:
C
Which action is taken by a switch port enabled for PoE power classification override?
Correct Answer:
D
🗳️
What is a function spine-and-leaf architecture?
Correct Answer:
A
🗳️
With a spine-and-leaf architecture, no matter which leaf switch to which a server is connected, its traffic always has to cross the same number of devices to get to another server (unless the other server is located on the same leaf). This approach keeps latency at a predictable level because a payload only has to hop to a spine switch and another leaf switch to reach its destination.
Reference:
https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-737022.html
Which action is taken by the data plane within a network device?
Correct Answer:
B
🗳️
What is the function of the control plane?
Correct Answer:
A
🗳️
Which two cable types must be used to connect an access point to the WLC when 2.5-Gbps and 5-Gbps upload speeds are required? (Choose two.)
Correct Answer:
AC
🗳️
What is a benefit for external users who consume public cloud resources?
Correct Answer:
C
🗳️
An engineer must update the configuration on two PCs in two different subnets to communicate locally with each other. One PC is configured with IP address
192.168.25.128/25 and the other with 192.168.25.100/25. Which network mask must the engineer configure on both PCs to enable the communication?
Correct Answer:
C
🗳️
Which key function is provided by the data plane?
Correct Answer:
D
🗳️
When should an engineer implement a collapsed-core architecture?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer assigns IP addressing to the current VLAN with three PCs. The configuration must also account for the expansion of 30 additional
VLANS using the same Class C subnet for subnetting and host count. Which command set fulfills the request while reserving address space for the expected growth?
Correct Answer:
B
🗳️
A client experiences slow throughput from a server that is directly connected to the core switch in a data center. A network engineer finds minimal latency on connections to the server, but data transfers are unreliable, and the output of the show interfaces counters errors command shows a high FCS-Err count on the interface that is connected to the server. What is the cause of the throughput issue?
Correct Answer:
A
🗳️
What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?
Correct Answer:
D
🗳️
What are two reasons to implement IPv4 private addressing on a network? (Choose two.)
Correct Answer:
DE
🗳️
Which concern is addressed with the use of private IPv4 addressing?
Correct Answer:
D
🗳️
What is the path for traffic sent from one user workstation to another workstation on a separate switch in a three-tier architecture model?
Correct Answer:
D
🗳️
What is the difference between IPv6 unicast and anycast addressing?
Correct Answer:
A
🗳️

Refer to the exhibit. Between which zones do wireless users expect to experience intermittent connectivity?
Correct Answer:
C
🗳️
Which WAN topology provides a combination of simplicity quality, and availability?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the statements about wireless architectures from the left onto the architectures on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the Wi-Fi terms from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
How are the switches in a spine-and-leaf topology interconnected?
Correct Answer:
B
🗳️
What is the primary effect of the spanning-tree portfast command?
Correct Answer:
D
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html
What occurs when PortFast is enabled on an interface that is connected to another switch?
Correct Answer:
D
🗳️
Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state immediately or upon a linkup event, thus bypassing the listening and learning states.
Note: To enable portfast on a trunk port you need the trunk keyword ג€spanning-tree portfast trunkג€
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?
Correct Answer:
A
🗳️
Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background.
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/ b_cg74_CONSOLIDATED_chapter_01010111.html

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?
SW1: 0C:E0:38:41:86:07 -
SW2: 0C:0E:15:22:05:97 -
SW3: 0C:0E:15:1A:3C:9D -
SW4: 0C:E0:18:A1:B3:19 -
Correct Answer:
C
🗳️
DRAG DROP -
Refer to the exhibit. An engineer is required to verify that the network parameters are valid for the users' wireless LAN connectivity on a /24 subnet. Drag and drop the values from the left onto the network parameters on the right. Not all values are used.
Select and Place:
Correct Answer:
An engineer needs to configure LLDP to send the port description type length value (TLV). Which command sequence must be implemented?
Correct Answer:
D
🗳️

Refer to the exhibit. Which switch becomes the root bridge?
Correct Answer:
B
🗳️
Which configuration ensures that the switch is always the root for VLAN 750?
Correct Answer:
C
🗳️

Refer to the exhibit. After the switch configuration, the ping test fails between PC A and PC B. Based on the output for switch 1, which error must be corrected?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the WLAN components from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
The service port can be used management purposes, primarily for out-of-band management. However, AP management traffic is not possible across the service port. In most cases, the service port is used as a ג€last resortג€ means of accessing the controller GUI for management purposes. For example, in the case where the system distribution ports on the controller are down or their communication to the wired network is otherwise degraded.
A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller.
The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/ports_and_interfaces.html
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?
Correct Answer:
C
🗳️
In previous releases, whenever a FlexConnect access point disassociates from a controller, it moves to the standalone mode. The clients that are centrally switched are disassociated. However, the FlexConnect access point continues to serve locally switched clients. When the FlexConnect access point rejoins the controller (or a standby controller), all clients are disconnected and are authenticated again. This functionality has been enhanced and the connection between the clients and the FlexConnect access points are maintained intact and the clients experience seamless connectivity. When both the access point and the controller have the same configuration, the connection between the clients and APs is maintained.
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/ b_cg74_CONSOLIDATED_chapter_010001101.html

Refer to the exhibit. Which command provides this output?
Correct Answer:
B
🗳️
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
Correct Answer:
B
🗳️
The Static Persistence (or ג€onג€ mode) bundles the links unconditionally and no negotiation protocol is used. In this mode, neither PAgP nor LACP packets are sent or received.
Which mode allows access points to be managed by Cisco Wireless LAN Controllers?
Correct Answer:
B
🗳️
A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN) controller (WLC). APs are ג€lightweight,ג€ which means that they cannot act independently of a wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are ג€zero touchג€ deployed, and individual configuration of APs is not necessary.
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two.)
Correct Answer:
CD
🗳️
Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?
Correct Answer:
C
🗳️
ג€¢ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it
ג€¢ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface
ג€¢ lldp timer rate: Set the sending frequency of LLDP updates in seconds
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swlldp.html

Refer to the exhibit. How does SW2 interact with other switches in this VTP domain?
Correct Answer:
D
🗳️
The VTP mode of SW2 is transparent so it only forwards the VTP updates it receives to its trunk links without processing them.
Reference:
https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
Correct Answer:
B
🗳️
From the neighbor status, we notice the ג€Flagsג€ are SP. ג€Pג€ here means the neighbor is in Passive mode. In order to create an Etherchannel interface, the (local)
SW1 ports should be in Active mode. Moreover, the ג€Port Stateג€ in the exhibit is ג€0x3cג€ (which equals to ג€00111100ג€³ in binary format). Bit 3 is ג€1ג€ which means the ports are synchronizing -> the ports are working so the local ports should be in Active mode.
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Auto and SW2 is set to Dynamic Desirable. What is the result of this configuration?
Correct Answer:
D
🗳️
A Cisco IP phone receives untagged data traffic from an attached PC. Which action is taken by the phone?
Correct Answer:
B
🗳️
Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg/swvoip.pdf
Which design element is a best practice when deploying an 802.11b wireless infrastructure?
Correct Answer:
A
🗳️
Refer to the exhibit. The network administrator wants VLAN 67 traffic to be untagged between Switch 1 and Switch 2, while all other VLANs are to remain tagged.
Which command accomplishes this task?
Correct Answer:
D
🗳️
Which two command sequences must be configured on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two.)
Correct Answer:
CD
🗳️
Refer to the exhibit. Which two commands when used together create port channel 10? (Choose two.)
Correct Answer:
AC
🗳️
Refer to the exhibit. An administrator is tasked with configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to the
GigabitEthernet 3/1/4 port on a switch?
Correct Answer:
B
🗳️
Refer to the exhibit. Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?
Correct Answer:
C
🗳️
Which command is used to enable LLDP globally on a Cisco IOS ISR?
Correct Answer:
A
🗳️
Link Layer Discovery Protocol (LLDP) is an industry standard protocol that allows devices to advertise, and discover connected devices, and there capabilities
(same as CDP of Cisco). To enable it on Cisco devices, we have to use this command under global configuration mode:
Sw(config)# lldp run
Which command should you enter to configure an LLDP delay time of 5 seconds?
Correct Answer:
D
🗳️
✑ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it
✑ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface
✑ lldp timer rate: Set the sending frequency of LLDP updates in seconds
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swlldp.html
In a CDP environment, what happens when the CDP interface on an adjacent device is configured without an IP address?
Correct Answer:
C
🗳️
Although CDP is a Layer 2 protocol but we can check the neighbor IP address with the ג€show cdp neighbor detailג€ command. If the neighbor does not has an IP address then CDP still operates without any problem. But the IP address of that neighbor is not provided.
DRAG DROP -
Drag and drop the benefits of a Cisco Wireless Lan Controller from the left onto the correct examples on the right.
Select and Place:
Correct Answer:
When configuring an EtherChannel bundle, which mode enables LACP only if a LACP device is detected?
Correct Answer:
A
🗳️
The LACP is Link Aggregation Control Protocol. LACP is an open protocol, published under the 802.3ad.
The modes of LACP are active, passive or on. The side configured as ג€passiveג€ will waiting the other side that should an Active for the Etherchannel to be established.
PAgP is Port-Aggregation Protocol. It is Cisco proprietary protocol. The mode are On, Desirable or Auto. Desirable ג€" Auto will establish an EtherChannel.
An example of how to configure an Etherchannel:
SwitchFormula1>enable -
SwitchFormula1#configure terminal
SwitchFormula1(config)# interface range f0/5 -14
SwitchFormula1(config-if-range)# channel-group 13 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
Refer to the exhibit. Which VLAN ID is associated with the default VLAN in the given environment?
Correct Answer:
A
🗳️
Which two VLAN IDs indicate a default VLAN? (Choose two.)
Correct Answer:
BC
🗳️
VLAN 1 is a system default VLAN, you can use this VLAN but you cannot delete it. By default VLAN 1 is use for every port on the switch.
Standard VLAN range from 1002-1005 it's Cisco default for FDDI and Token Ring. You cannot delete VLANs 1002-1005. Mostly we don't use VLAN in this range.
Which two pieces of information about a Cisco device can Cisco Discovery Protocol communicate? (Choose two.)
Correct Answer:
AC
🗳️
After you deploy a new WLAN controller on your network, which two additional tasks should you consider? (Choose two.)
Correct Answer:
AE
🗳️
Refer to the exhibit. How will switch SW2 handle traffic from VLAN 10 on SW1?
Correct Answer:
B
🗳️
Since SW-1 is configured native VLAN is VLAN10, so traffic coming out of VLAN-10 is untagged, & goes directly to SW-2 Native VLAN: VLAN100, due to VLAN mismatch.
Which two commands can you use to configure an actively negotiate EtherChannel? (Choose two.)
Correct Answer:
DE
🗳️
How does STP prevent forwarding loops at OSI Layer 2?
Correct Answer:
D
🗳️
Which two statements about VTP are true? (Choose two.)
Correct Answer:
AE
🗳️
Which type does a port become when it receives the best BPDU on a bridge?
Correct Answer:
D
🗳️
Which value can you modify to configure a specific interface as the preferred forwarding interface?
Correct Answer:
B
🗳️
Which statement about Cisco Discovery Protocol is true?
Correct Answer:
A
🗳️
What are two reasons a network administrator would use CDP? (Choose two.)
Correct Answer:
DE
🗳️
What are two benefits of using VTP in a switching environment? (Choose two.)
Correct Answer:
CE
🗳️
Which three statements are typical characteristics of VLAN arrangements? (Choose three.)
Correct Answer:
BDE
🗳️
On a corporate network, hosts on the same VLAN can communicate with each other, but they are unable to communicate with hosts on different VLANs. What is needed to allow communication between the VLANs?
Correct Answer:
A
🗳️
Different VLANs can't communicate with each other, they can communicate with the help of Layer3 router. Hence, it is needed to connect a router to a switch, then make the sub-interface on the router to connect to the switch, establishing Trunking links to achieve communications of devices which belong to different VLANs.
Which statement about LLDP is true?
Correct Answer:
B
🗳️
What is a function of Wireless LAN Controller?
Correct Answer:
C
🗳️
Lightweight APs (LAPs) is devices require no initial configuration. LAPs use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC), as shown in the below figure. Controller-based APs are useful in situations where many APs are required in the network. As more APs are added, each AP is automatically configured and managed by the WLC.
Which technology is used to improve web traffic performance by proxy caching?
Correct Answer:
A
🗳️
What criteria is used first during the root port selection process?
Correct Answer:
B
🗳️
Which statement about VLAN configuration is true?
Correct Answer:
A
🗳️
Refer to the exhibit. What two conclusions should be made about this configuration? (Choose two.)
Correct Answer:
AE
🗳️
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network is allowed to be mapped?
Correct Answer:
A
🗳️
How do AAA operations compare regarding user identification, user services, and access control?
Correct Answer:
B
🗳️
What is the difference between RADIUS and TACACS+?
Correct Answer:
B
🗳️
What is a difference between local AP mode and FlexConnect AP mode?
Correct Answer:
A
🗳️
The SW1 interface g0/1 is in the down/down state. What are two reasons for the interface condition? (Choose two.)
Correct Answer:
DE
🗳️
The interface is shut down - ADMIN DOWN / DOWN
The interface is error-disabled - DOWN / DOWN
There is a speed mismatch - DOWN / DOWN
How will Link Aggregation be implemented on a Cisco Wireless LAN Controller?
Correct Answer:
D
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_010101011.html
Which two conditions must be met before SSH operates normally on a Cisco IOS switch? (Choose two.)
Correct Answer:
DE
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Refer to the exhibit. Which password must an engineer use to enter the enable mode?
Correct Answer:
D
🗳️
If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password serves as the enable password for all VTY sessions -> The ג€enable secretג€ will be used first if available, then ג€enable passwordג€ and line password.
Which state does the switch port move to when PortFast is enabled?
Correct Answer:
D
🗳️
Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?
Correct Answer:
B
🗳️
You can protect communication with the GUI by enabling HTTPS. HTTPS protects HTTP browser sessions by using the Secure Sockets Layer (SSL) protocol.
When you enable HTTPS, the controller generates its own local web administration SSL certificate and automatically applies it to the GUI. You also have the option of downloading an externally generated certificate.
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_011.html
An engineer must configure interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?
Correct Answer:
B
🗳️
VLAN trunking offers two options, ISL and 802.1Q. ISL is Cisco proprietary while 802.1Q is standards based and supported by multiple vendors.
An engineer requires a switch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?
Correct Answer:
B
🗳️
Reference:
https://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8#:~:text=switchport%20mode%20dynamic%20auto%3A%20Makes,to%20trunk%20or%
.
20desirable%20mode.&text=switchport%20mode%20dynamic%20desirable%3A%20Makes,link%20to%20a%20trunk%20link
Refer to the exhibit. After the election process, what is the root bridge in the HQ LAN?
Switch 1: 0C:E0:38:81:32:58 -
Switch 2: 0C:0E:15:22:1A:61 -
Switch 3: 0C:0E:15:1D:3C:9A -
Switch 4: 0C:E0:19:A1:4D:16 -
Correct Answer:
C
🗳️
An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. What action should be taken?
Correct Answer:
C
🗳️
Which spanning-tree enhancement avoids the learning and listening states and immediately places ports in the forwarding state?
Correct Answer:
B
🗳️
How does the dynamically-learned MAC address feature function?
Correct Answer:
A
🗳️
When using Rapid PVST+, which command guarantees the switch is always the root bridge for VLAN 200?
Correct Answer:
B
🗳️

Refer to the exhibit. Which command must be executed for Gi1/1 on SW1 to passively become a trunk port if Gi1/1 on SW2 is configured in desirable or trunk mode?
Correct Answer:
A
🗳️

Refer to the exhibit. The entire contents or the MAC address table are shown. Sales-4 sends a data frame to Sales-1.
What does the switch do as it receives the frame from Sales-4?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic. Which configuration accomplishes this task?
Correct Answer:
A
🗳️
An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database, with action must be taken?
Correct Answer:
A
🗳️
Which technology prevents client devices from arbitrarily connecting to the network without state remediation?
Correct Answer:
B
🗳️
Which protocol does an access point use to draw power from a connected switch?
Correct Answer:
B
🗳️
An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association request?
Correct Answer:
C
🗳️

Refer to the exhibit. Only four switches are participating in the VLAN spanning-tree process.
Branch-1: priority 614440 -
Branch-2: priority 39391170 -
Branch-3: priority 0 -
Branch-4: root primary -
Which switch becomes the permanent root bridge for VLAN 5?
Correct Answer:
C
🗳️
An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?
Correct Answer:
D
🗳️
What are two benefits of using the PortFast feature? (Choose two.)
Correct Answer:
AD
🗳️
What is the benefit of configuring PortFast on an interface?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the functions of AAA supporting protocols from the left onto the protocols on the right.
Select and Place:
Correct Answer:
Why does a switch flood a frame to all ports?
Correct Answer:
B
🗳️
An engineer configures interface Gi1/0 on the company PE router to connect to an ISP. Neighbor discovery is disabled.
Which action is necessary to complete the configuration if the ISP uses third-party network devices?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions are used.
Select and Place:
Correct Answer:
Which access point mode relies on a centralized controller for management, roaming, and SSID configuration?
Correct Answer:
A
🗳️

Refer to the exhibit. A network engineer must configure communication between PC A and the File Server. To prevent interruption for any other communications, which command must be configured?
Correct Answer:
C
🗳️

Refer to the exhibit. What is the result if Gig1/11 receives an STP BPDU?
Correct Answer:
C
🗳️
Which access layer threat-mitigation technique provides security based on identity?
Correct Answer:
C
🗳️

Refer to the exhibit. Which action do the switches take on the trunk link?
Correct Answer:
B
🗳️
The trunk still forms with mismatched native VLANs and the traffic can actually flow between mismatched switches. But it is absolutely necessary that the native
VLANs on both ends of a trunk link match; otherwise a native VLAN mismatch occurs, causing the two VLANs to effectively merge. For example, with the above configuration, SW1 would send untagged frames for VLAN 999. SW2 receives them but would think they are for VLAN 99 so we can say these two VLANs are merged.
A network engineer must configure two new subnets using the address block 10.70.128.0/19 to meet these requirements:
✑ The first subnet must support 24 hosts.
✑ The second subnet must support 472 hosts.
✑ Both subnets must use the longest subnet mask possible from the address block.
Which two configurations must be used to configure the new subnets and meet a requirement to use the first available address in each subnet for the router interfaces? (Choose two.)
Correct Answer:
DE
🗳️

Refer to the exhibit. An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11. PC-1 and PC-2 must be placed in the Data VLAN, and Phone-1 must be placed in the Voice VLAN. Which configuration meets these requirements?
Correct Answer:
A
🗳️

Refer to the exhibit. Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The connection must be maintained as users travel between floors or to other areas in the building. What must be the configuration of the connection?
Correct Answer:
C
🗳️
Reference:
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

Refer to the exhibit. An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously configured. Which command accomplishes this task?
Correct Answer:
D
🗳️
Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two.)
Correct Answer:
DE
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html
DRAG DROP -
Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.
Select and Place:
Correct Answer:
Which interface mode must be configured to connect the lightweight APs in a centralized architecture?
Correct Answer:
C
🗳️
While the Cisco WLCs always connect to 802.1Q trunks, Cisco lightweight APs do not understand VLAN tagging and should only be connected to the access ports of the neighbor switch.
This is an example switch port configuration from the Catalyst 3750: interface GigabitEthernet1/0/22 description Access Port Connection to Cisco Lightweight AP switchport access vlan 5 switchport mode access no shutdown
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html

Refer to the exhibit. The following must be considered:
✑ SW1 is fully configured for all traffic.
✑ The SW4 and SW9 links to SW1 have been configured.
✑ The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured.
✑ The remaining switches have had all VLANs added to their VLAN database.
Which configuration establishes a successful ping from PC2 to PC7 without interruption to traffic flow between other PCs?
Correct Answer:
C
🗳️

Refer to the exhibit. The network administrator must prevent the switch Cat9K-2 IP address from being visible in LLDP without disabling the protocol. Which action must be taken to complete the task?
Correct Answer:
C
🗳️

Refer to the exhibit. An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer issued the commands as shown and noticed that the entry for PC2 is missing. Which change must be applied to SW1 so that PC1 and PC2 communicate normally?
Correct Answer:
C
🗳️
Refer to the exhibit. Which switch becomes the root of the spanning tree?
Switch 1 -
BID: 32778 0018.184e.3c00 -
Switch 2 -
BID: 24586 001a.e3ff.a680 -
Switch 3 -
BID: 28682 0022.55cf.cc00 -
Switch 4 -
BID: 64000 4e15.8403.08f -
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.
Select and Place:
Correct Answer:

Refer to the exhibit. An engineer is configuring a Layer 3 port-channel interface with LACP. The configuration on the first device is complete, and it is verified that both interfaces have registered the neighbor device in the CDP table. Which task on the neighbor device enables the new port channel to come up without negotiating the channel?
Correct Answer:
D
🗳️

Refer to the exhibit. Which configuration establishes a Layer 2 LACP EtherChannel when applied to both switches?
Correct Answer:
A
🗳️
Which switching concept is used to create separate broadcast domains?
Correct Answer:
C
🗳️

Refer to the exhibit. Which action must be taken so that neighboring devices rapidly discover switch Cat9300?
Correct Answer:
B
🗳️
What is a requirement when configuring or removing LAG on a WLC?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.
Select and Place:
Correct Answer:
Which type of port is used to connect the wired network when an autonomous AP maps two VLANs to its WLANs?
Correct Answer:
C
🗳️
A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work establish an
LACP port channel?
Correct Answer:
B
🗳️

Refer to the exhibit. For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface. These tasks must be completed:
✑ Disable all neighbor discovery methods on R5 interface Gi0/1
✑ Permit neighbor discovery on R5 interface Gi0/2.
✑ Verify there are no dynamically learned neighbors on R5 interface Gi0/1.
✑ Display the IP address of R6's interface Gi0/2
Which configuration must be used?
Correct Answer:
D
🗳️
Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two.)
Correct Answer:
BC
🗳️
DRAG DROP -
Drag and drop the management connection types from the left onto the definitions on the right.
Select and Place:
Correct Answer:
An engineer is configuring data and voice services to pass through the same port. The designated switch interface fastethernet0/1 must transmit packets using the same priority for data when they are received from the access port of the IP phone. Which configuration must be used?
Correct Answer:
D
🗳️

Refer to the exhibit. Which change to the configuration on Switch2 allows the two switches to establish an EtherChannel?
Correct Answer:
C
🗳️

Refer to the exhibit. An engineer must configure the interface that connects to PC1 and secure it in a way that only PC1 is allowed to use the port. No VLAN tagging can be used except for a voice VLAN. Which command sequence must be entered to configure the switch?
Correct Answer:
C
🗳️
Which protocol must be implemented to support separate authorization and authentication solutions for wireless APs?
Correct Answer:
A
🗳️
Which port type supports the spanning-tree portfast command without additional configuration?
Correct Answer:
D
🗳️

Refer to the exhibit. What are two conclusions about this configuration? (Choose two.)
Correct Answer:
AE
🗳️
A Cisco engineer must configure a single switch interface to meet these requirements:
✑ Accept untagged frames and place them in VLAN 20
Accept tagged frames in VLAN 30 when CDP detects a Cisco IP phone
Which command set must the engineer apply?
Correct Answer:
D
🗳️
What does a switch use to build its MAC address table?
Correct Answer:
C
🗳️

Refer to the exhibit. The EtherChannel is configured with a speed of 1000 and duplex as full on both ends of channel group 1. What is the next step to configure the channel on switch A to respond to but not initiate LACP communication?
Correct Answer:
D
🗳️
Which command entered on a switch configured with Rapid PVST+ listens and learns for a specific time period?
Correct Answer:
D
🗳️
What must a network administrator consider when deciding whether to configure a new wireless network with APs in autonomous mode or APs running in cloud- based mode?
Correct Answer:
A
🗳️
When a switch receives a frame for an unknown destination MAC address, how is the frame handled?
Correct Answer:
A
🗳️
Which state is bypassed in Rapid PVST+ when PortFast is enabled on a port?
Correct Answer:
C
🗳️
What happens when a switch receives a frame with a destination MAC address that recently aged out?
Correct Answer:
B
🗳️
What is a function of store-and forward switching?
Correct Answer:
B
🗳️

Refer to the exhibit. Switch AccSw1 has just been added to the network along with PC2. All VLANs have been implemented on AccSw2. How must the ports on
AccSw2 be configured to establish Layer 2 connectivity between PC1 and PC2?
Correct Answer:
B
🗳️

Refer to the exhibit. A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the information sent via LLDP is refreshed every 3 minutes. Which configuration must the engineer apply?
Correct Answer:
B
🗳️


Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/ b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_lldp.pdf

Refer to the exhibit. Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs. Which command set fulfills the requirement?
Correct Answer:
A
🗳️

Refer to the exhibit. Two new switches are being installed. The remote monitoring team uses the support network to monitor both switches. Which configuration is the next step to establish a Layer 2 connection between the two PCs?
Correct Answer:
A
🗳️

Refer to the exhibit. An engineer is configuring a new Cisco switch, NewSW, to replace SW2. The details have been provided:
✑ Switches SW1 and SW2 are third-party devices without support for trunk ports.
✑ The existing connections must be maintained between PC1, PC2, and PC3.
✑ Allow the switch to pass traffic from future VLAN 10.
Which configuration must be applied?
Correct Answer:
D
🗳️
Which WLC interface provides out-of-band management in the Cisco Unified Wireless Network Architecture?
Correct Answer:
B
🗳️

Refer to the exhibit. The network engineer is configuring a new WLAN and is told to use a setup password for authentication instead of the RADIUS servers.
Which additional set of tasks must the engineer perform to complete the configuration?
Correct Answer:
D
🗳️
Which mode must be set for Aps to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol?
Correct Answer:
C
🗳️
Which switch technology establishes a network connection immediately when it is plugged in?
Correct Answer:
A
🗳️
Which command on a port enters the forwarding state immediately when a PC is connected to it?
Correct Answer:
A
🗳️
If a switch port receives a new frame while it is actively transmitting a previous frame, how does it process the frames?
Correct Answer:
C
🗳️

Refer to the exhibit. The entire MAC address table for SW1 is shown here:
What does SW1 do when Br-4 sends a frame for Br-2
Correct Answer:
C
🗳️
Which statement about Link Aggregation when implemented on a Cisco Wireless LAN Controller is true?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer is configuring an EtherChannel using LACP between Switches 1 and 2.
Which configuration must be applied so that only Switch 1 sends LACP initiation packets?
A.
B.
C.
D.
Correct Answer:
B


Refer to the exhibit. The entire Marketing-SW1 MAC address table is shown here:
What does the switch do when PC-4 sends a frame to PC-1?
Correct Answer:
C
🗳️

Refer to the exhibit. All VLANs are present in the VLAN database. Which command sequence must be applied to complete the configuration?
A.
B.
C.
D.
Correct Answer:
A


Refer to the exhibit. Which switch becomes the root of a spanning tree for VLAN 10 if the primary switch fails and all links are of equal speed?
Correct Answer:
C
🗳️

Refer to the exhibit. Host A sent a data frame destined for host D.
What does the switch do when it receives the frame from host A?
Correct Answer:
A
🗳️


Refer to the exhibit. Which switch becomes the root of the spanning tree?
Correct Answer:
B
🗳️
The root bridge is the bridge with the lowest Bridge ID. All the decisions like which ports are the root ports (the port with the best path to the root bridge) are made from the perspective of the root bridge. In case of a tie (not the case in this example) then the root bridge will be the switch with the lowest MAC address.
Which channel-group mode must be configured when multiple distribution interfaces connected to a WLC are bundled?
Correct Answer:
B
🗳️


Refer to the exhibit. Which switch become the root of a spanning tree for VLAN 20 if all links are of equal speed?
Correct Answer:
A
🗳️
Which Layer 2 switch function encapsulates packets for different VLANs so that the packets transverse the same port and maintain traffic separation between the
VLANs?
Correct Answer:
D
🗳️
Which value is the unique identifier that an access point uses to establish and maintain wireless connectivity to wireless network devices?
Correct Answer:
B
🗳️
An engineer must configure neighbor discovery between the company router and an ISP.
What is the next step to complete the configuration if the ISP uses a third-party router?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.
Select and Place:
Correct Answer:
What is a function of MAC learning on a switch?
Correct Answer:
D
🗳️
What does a switch do when it receives a frame whose destination MAC address is missing from the MAC address table?
Correct Answer:
D
🗳️
By default, how long will the switch continue to know a workstation MAC address after the workstation stops sending traffic?
Correct Answer:
B
🗳️
A project objective is to minimize the association time to the different access points as mobile devices move around the office. The ideal solution must cover numerous devices and device types, including laptops, mobile phones, tablets and wireless printers. What must be configured?
Correct Answer:
B
🗳️
Which two protocols are used by an administrator for authentication and configuration on access points? (Choose two.)
Correct Answer:
BD
🗳️
DRAG DROP -
Drag and drop the statements about access-point modes from the left onto the corresponding modes on the right.
Select and Place:
Correct Answer:
A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
Correct Answer:
B
🗳️
What is one reason to implement LAG on a Cisco WLC?
Correct Answer:
C
🗳️
When an access point is seeking to join wireless LAN controller, which message is sent to the AP-Manager interface?
Correct Answer:
C
🗳️
The LAPs always connect to the management interface address of the controller first with a discovery request. The controller then tells the LAP the Layer 3 AP- manager interface (which can also be the management by default) IP address so the LAP can send a join request to the AP-manager interface next.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

Refer to the exhibit. A network engineer configures the Cisco WLC to authenticate local wireless clients against a RADIUS server. Which task must be performed to complete the process?
Correct Answer:
C
🗳️
After installing a new Cisco ISE server which task must the engineer perform on the Cisco WLC to connect wireless clients on a specific VLAN based on their credentials?
Correct Answer:
C
🗳️
Refer to the exhibit. Router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet that it receives for destination IP 172.16.32.1?
Correct Answer:
A
🗳️
Refer to the exhibit. Router R1 Fa0/0 cannot ping router R3 Fa0/1. Which action must be taken in router R1 to help resolve the configuration issue?
Correct Answer:
C
🗳️
By default, how does EIGRP determine the metric of a route for the routing table?
Correct Answer:
A
🗳️
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task?
Correct Answer:
C
🗳️
A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet?
Correct Answer:
B
🗳️

Refer to the exhibit. How does the router manage traffic to 192.168.12.16?
Correct Answer:
D
🗳️
What are two reasons for an engineer to configure a floating static route? (Choose two.)
Correct Answer:
AC
🗳️

Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?
Correct Answer:
B
🗳️

Refer to the exhibit. A router received these five routes from different routing information sources. Which two routes does the router install in its routing table?
(Choose two.)
Correct Answer:
AD
🗳️

Refer to the exhibit. To which device does Router1 send packets that are destined to host 10.10.13.165?
Correct Answer:
B
🗳️
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?
Correct Answer:
C
🗳️
Which two minimum parameters must be configured on an active interface to enable OSPFV2 to operate? (Choose two.)
Correct Answer:
AE
🗳️
Refer to the exhibit. What commands are needed to add a sub-interface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?
Correct Answer:
B
🗳️

Refer to the exhibit. What does router R1 use as its OSPF router-ID?
Correct Answer:
C
🗳️
OSPF uses the following criteria to select the router ID:
1. Manual configuration of the router ID (via the ג€router-id x.x.x.xג€ command under OSPF router configuration mode).
2. Highest IP address on a loopback interface.
3. Highest IP address on a non-loopback and active (no shutdown) interface.

Refer to the exhibit. The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes must be configured on the New York router? (Choose two.)
Correct Answer:
CE
🗳️

Refer to the exhibit. After the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. What is the reason for the problem?
Correct Answer:
C
🗳️

Refer to the exhibit. Which route type is configured to reach the Internet?
Correct Answer:
D
🗳️

Refer to the exhibit. Which path is used by the router for Internet traffic?
Correct Answer:
B
🗳️
When OSPF learns multiple paths to a network, how does it select a route?
Correct Answer:
C
🗳️
When a floating static route is configured, which action ensures that the backup route is used when the primary route fails?
Correct Answer:
D
🗳️

Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured?
Correct Answer:
C
🗳️
From the output we can see there are Designated Router & Backup Designated Router for this OSPF domain so this is a broadcast network (point-to-point and point-to-multipoint networks do not elect DR & BDR).
By default, the timers on a broadcast network (Ethernet, point-to-point and point-to-multipoint) are 10 seconds hello and 40 seconds dead. The timers on a non- broadcast network are 30 seconds hello 120 seconds dead.
From the line ג€Neighbor Count is 3ג€, we learn there are four OSPF routers in this OSPF domain.
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13689-17.html
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, to which type of OSPF network does this interface belong?
Correct Answer:
C
🗳️
The Broadcast network type is the default for an OSPF enabled ethernet interface (while Point-to-Point is the default OSPF network type for Serial interface with
HDLC and PPP encapsulation).
Reference:
https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch08s15.html
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?
Correct Answer:
C
🗳️
Administrative distance is the feature used by routers to select the best path when there are two or more different routes to the same destination from different routing protocols. Administrative distance defines the reliability of a routing protocol.
Router A learns the same route from two different neighbors; one of the neighbor routers is an OSPF neighbor, and the other is an EIGRP neighbor.
What is the administrative distance of the route that will be installed in the routing table?
Correct Answer:
B
🗳️
The Administrative distance (AD) of EIGRP is 90 while the AD of OSPF is 110 so EIGRP route will be chosen to install into the routing table.

Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router 1. The new circuit uses eBGP and learns the route to VLAN25 from the BGP path.
What is the expected behavior for the traffic flow for route 10.10.13.0/25?
Correct Answer:
D
🗳️
The AD of eBGP (20) is smaller than that of OSPF (110) so the route to 10.10.13.0/25 will be updated as being learned from the new BGP path.
Which two actions influence the EIGRP route selection process? (Choose two.)
Correct Answer:
BD
🗳️
The reported distance (or advertised distance) is the cost from the neighbor to the destination. It is calculated from the router advertising the route to the network.
For example in the topology below, suppose router A & B are exchanging their routing tables for the first time. Router B says ג€Hey, the best metric (cost) from me to IOWA is 50 and the metric from you to IOWA is 90ג€ and advertises it to router A. Router A considers the first metric (50) as the Advertised distance. The second metric (90), which is from NEVADA to IOWA (through IDAHO), is called the Feasible distance.
The reported distance is calculated in the same way of calculating the metric. By default (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0), the metric is calculated as follows:
Feasible successor is the backup route. To be a feasible successor, the route must have an Advertised distance (AD) less than the Feasible distance (FD) of the current successor route.
Feasible distance (FD): The sum of the AD plus the cost between the local router and the next-hop router. The router must calculate the FD of all paths to choose the best path to put into the routing table.
Note: Although the new CCNA exam does not have EIGRP topic but you should learn the basic knowledge of this routing protocol.

Refer to the exhibit. If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?
Correct Answer:
D
🗳️
Router2 does not have an entry for the subnet 10.10.13.128/25. It only has an entry for 10.10.13.0/25, which ranges from 10.10.13.0 to 10.10.13.127.
Which two outcomes are predictable behaviors for HSRP? (Choose two.)
Correct Answer:
AE
🗳️

Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path.
Which two commands must be configured on the New York router so that it reaches the Lo1 interface of the Atlanta router via Washington when the link between
New York and Atlanta goes down? (Choose two.)
Correct Answer:
AE
🗳️
Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes.
By default a static route has an AD of 1 then floating static route must have the AD greater than 1. Floating static route has a manually configured administrative distance greater than that of the primary route and therefore would not be in the routing table until the primary route fails.
How does HSRP provide first hop redundancy?
Correct Answer:
B
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-16/fhp-xe-16-book/fhp-hsrp-mgo.html
Refer to the exhibit. Which action establishes the OSPF neighbor relationship without forming an adjacency?
Correct Answer:
A
🗳️
Which command must you enter to guarantee that an HSRP router with higher priority becomes the HSRP primary router after it is reloaded?
Correct Answer:
A
🗳️
The ג€preemptג€ command enables the HSRP router with the highest priority to immediately become the active router.
Which command should you enter to verify the priority of a router in an HSRP group?
Correct Answer:
D
🗳️
The following is sample output from the show standby command:
Refer to the exhibit. Which command would you use to configure a static route on Router1 to network 192.168.202.0/24 with a nondefault administrative distance?
Correct Answer:
B
🗳️
The default AD of static route is 1 so we need to configure another number for the static route.
Which of the following dynamic routing protocols are Distance Vector routing protocols?
Correct Answer:
BE
🗳️
You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface.
Which action can you take to correct the problem in the least disruptive way?
Correct Answer:
A
🗳️
Once an OSPF Router ID selection is done, it remains there even if you remove it or configure another OSPF Router ID. So the least disruptive way is to correct it using the command ג€clear ip ospf processג€.
Which command should you enter to view the error log in an EIGRP for IPv6 environment?
Correct Answer:
D
🗳️
Refer to the exhibit. Which two statements about the network environment of router R1 must be true? (Choose two.)
Refer to the exhibit. Router R1 must be configured to reach the 10.0.3.0/24 network from the 10.0.1.0/24 segment. Which command must be used to configure the route?
Correct Answer:
D
🗳️

Correct Answer:
BC
🗳️
Which two statements about exterior routing protocols are true? (Choose two.)
Correct Answer:
BC
🗳️
You have two paths for the 10.10.10.0 network - one that has a feasible distance of 3072 and the other of 6144.
What do you need to do to load balance your EIGRP routes?
Correct Answer:
BC
🗳️
Every routing protocol supports equal cost path load balancing. In addition, Interior Gateway Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. Use the variance n command in order to instruct the router to include routes with a metric of less than n times the minimum metric route for that destination. The variable n can take a value between 1 and 128. The default is 1, which means equal cost load balancing. Traffic is also distributed among the links with unequal costs, proportionately, with respect to the metric.
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13677-19.html#topic1
DRAG DROP -
Drag each route source from the left to the numbers on the right. Beginning with the lowest and ending with the highest administrative distance.
Select and Place:
Correct Answer:
Which two circumstances can prevent two routers from establishing an OSPF neighbor adjacency? (Choose two.)
Correct Answer:
DE
🗳️
Which three describe the reasons large OSPF networks use a hierarchical design? (Choose three.)
Correct Answer:
ABE
🗳️
Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
Correct Answer:
A
🗳️
Refer to the exhibit. On R1 which routing protocol is in use on the route to 192.168.10.1?
Correct Answer:
D
🗳️
Refer to the exhibit. Which Command do you enter so that R1 advertises the loopback0 interface to the BGP Peers?
Correct Answer:
A
🗳️
Refer to exhibit. What Administrative distance has route to 192.168.10.1?
Correct Answer:
B
🗳️
Which value is used to determine the active router in an HSRP default configuration?
Correct Answer:
B
🗳️
Q. If there is no priority configured for a standby group, what determines which router is active?
A. The priority field is used to elect the active router and the standby router for the specific group. In the case of an equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router/routers are in the listen state.
Refer to the exhibit. If RTR01 is configured as shown, which three addresses will be received by other routers that are running EIGRP on the network? (Choose three.)
Correct Answer:
ACD
🗳️
Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?
Correct Answer:
A
🗳️
Simply because that will be the default behavior routers would follow in the event all other routers in the HSRP group fail, then it would not keep attributes such as priority or preemption. What preemption does in summary is to make sure that the configured Priority on all routers within the same HSRP group is always respected. That is, if R1 is configured on the HSRP group with a priority of 150 but he stands as active since all other routers currently subscribed to that group have a priority 150, then will router will preempt the current active router and will take over hence becoming the new active router.
With preemption disabled, the new router does not preempt the current active router, unless routers in the group have to renegotiate their roles based on each router's priority at the time of negotiation.
Which two statements about eBGP neighbor relationships are true? (Choose two.)
Correct Answer:
AB
🗳️
Refer to the exhibit. How will the router handle a packet destined for 192.0.2.156?
Correct Answer:
C
🗳️
Which statements describe the routing protocol OSPF? (Choose three.)
Correct Answer:
ACE
🗳️
The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth.
OSPF uses flooding to exchange link-state updates between routers. Any change in routing information is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-state updates. Flooding and calculation of the Dijkstra algorithm on a router is limited to changes within an area.
Refer to the exhibit. After you apply the given configurations to R1 and R2 you notice that OSPFv3 fails to start.
Correct Answer:
A
🗳️
Which command is used to display the collection of OSPF link states?
Correct Answer:
D
🗳️
The "show ip ospf database" command displays the link states. Here is an example:
Here is the lsa database on R2.
R2#show ip ospf database -
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count2.2.2.2 2.2.2.2 793 0x80000003 0x004F85 210.4.4.4 10.4.4.4 776 0x80000004 0x005643 1111.111.111.111
111.111.111.111 755 0x80000005 0x0059CA 2133.133.133.133 133.133.133.133 775 0x80000005 0x00B5B1 2 Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum10.1.1.1 111.111.111.111 794 0x80000001 0x001E8B10.2.2.3 133.133.133.133 812 0x80000001 0x004BA910.4.4.1
111.111.111.111 755 0x80000001 0x007F1610.4.4.3 133.133.133.133 775 0x80000001 0x00C31F
Refer to the exhibit. A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)
Correct Answer:
BCD
🗳️
The "network 192.168.12.64 0.0.0.63 equals to network 192.168.12.64/26. This network has:
✑ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000) + Network address:
192.168.12.64
✑ Broadcast address: 192.168.12.127
Therefore all interface in the range of this network will join OSPF.
Refer to the exhibit. C-router is to be used as a "router-on-a-stick" to route between the VLANs. All the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs have been configured with the appropriate default gateway. What is true about this configuration?
Correct Answer:
D
🗳️
Since all the same router (C-router) is the default gateway for all three VLANs, all traffic destined to a different VLA will be sent to the C-router. The C-router will have knowledge of all three networks since they will appear as directly connected in the routing table. Since the C-router already knows how to get to all three networks, no routing protocols need to be configured.
Refer to the exhibit. Which address and mask combination represents a summary of the routes learned by EIGRP?
Correct Answer:
C
🗳️
The binary version of 20 is 10100.
The binary version of 16 is 10000.
The binary version of 24 is 11000.
The binary version of 28 is 11100.
The subnet mask is /28. The mask is 255.255.255.240.
Note:
From the output above, EIGRP learned 4 routes and we need to find out the summary of them:
✑ 192.168.25.16
192.168.25.20
✑ 192.168.25.24
✑ 192.168.25.28
-> The increment should be 28 ?16 = 12 but 12 is not an exponentiation of 2; so we must choose 16 (24). Therefore the subnet mask is /28 (=1111 1111.1111
1111.1111 1111.11110000) = 255.255.255.240.
So the best answer should be 192.168.25.16 255.255.255.240.
Refer to the exhibit. Given the output for this command, if the router ID has not been manually set, what router ID will OSPF use for this router?
Correct Answer:
C
🗳️
The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.
Refer to the exhibit. When running EIGRP, what is required for RouterA to exchange routing updates with RouterC?
Correct Answer:
A
🗳️
This question is to examine the understanding of the interaction between EIGRP routers. The following information must be matched so as to create neighborhood. EIGRP routers to establish, must match the following information:
1. AS Number;
2. K value.
A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot establish an adjacency relationship on their common
Ethernet link.
The graphic shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the cause of this problem?
Correct Answer:
D
🗳️
In OSPF, the hello and dead intervals must match and here we can see the hello interval is set to 5 on R1 and 10 on R2. The dead interval is also set to 20 on R1 but it is 40 on R2.
Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)
Correct Answer:
BC
🗳️
If all OSPF routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?
Correct Answer:
C
🗳️
The OSPF Hello protocol performs which of the following tasks? (Choose two.)
Correct Answer:
AC
🗳️
What are two requirements for an HSRP group? (Choose two.)
Correct Answer:
AB
🗳️
Exactly one active router: Only one Active Router per HSRP group will be elected based on highest priority. In case of equal priority, Highest IP address will be elected as Active Router.
One or more standby routers: There can be one or more Standby Routers.
Which two pieces of information can you learn by viewing the routing table? (Choose two.)
Correct Answer:
CE
🗳️

Refer to the exhibit. Which route type does the routing protocol Code D represent in the output?
Correct Answer:
B
🗳️
An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured and the connecting interfaces are in the same 192.168.1.0/30 subnet. What are the next two steps to complete the configuration? (Choose two.)
Correct Answer:
BC
🗳️

Refer to the exhibit. A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?
Correct Answer:
D
🗳️
The router will use the default route since there is no entry for the destination address/subnet entry in the routine table.

Refer to the exhibit. A packet is being sent across router R1 to host 172.16.3.14. To which destination does the router send the packet?
Correct Answer:
D
🗳️
The longest matching route to 172.16.3.14 is the 182.16.3.0/28 route, using Serial 0/0/1 with a next hop of 207.165.200.254.

Refer to the exhibit. Router R2 is configured with multiple routes to reach network 10.1.1.0/24 from router R1. Which path is chosen by router R2 to reach the destination network 10.1.1.0/24?
Correct Answer:
A
🗳️

Refer to the exhibit. What is the next hop address for traffic that is destined to host 10.0.1.5?
Correct Answer:
D
🗳️

Refer to the exhibit. A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLANs 10, 11, 12, and 13. What is the next step in the configuration?
Correct Answer:
B
🗳️
DRAG DROP -
A network engineer is configuring an OSPFv2 neighbor adjacency. Drag and drop the parameters from the left onto their required categories on the right. Not all parameters are used.
Select and Place:
Correct Answer:
R1 has learned route 192.168.12.0/24 via IS-IS, OSPF, RIP, and Internal EIGRP. Under normal operating conditions, which routing protocol is installed in the routing table?
Correct Answer:
B
🗳️
With the same route (prefix), the router will choose the routing protocol with lowest Administrative Distance (AD) to install into the routing table. The AD of Internal
EIGRP (90) is lowest so it would be chosen. The table below lists the ADs of popular routing protocols.
Note: The AD of IS-IS is 115. The ג€EIGRPג€ in the table above is ג€Internal EIGRPג€. The AD of ג€External EIGRPג€ is 170. An EIGRP external route is a route that was redistributed into EIGRP.

Refer to the exhibit. The default-information originate command is configured under the R1 OSPF configuration. After testing, workstations on VLAN 20 at Site
B cannot reach a DNS server on the Internet.
Which action corrects the configuration issue?
Correct Answer:
C
🗳️

Refer to the exhibit. With which metric was the route to host 172.16.0.202 learned?
Correct Answer:
C
🗳️
Both the line ג€O 172.16.0.128/25ג€ and ג€S 172.16.0.0/24ג€ cover the host 172.16.0.202 but with the ג€longest (prefix) matchג€ rule the router will choose the first route.
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default, which OSPF network type is seen on this interface when the user types show ip ospf interface on R1 or R2?
Correct Answer:
B
🗳️
Which MAC address is recognized as a VRRP virtual address?
Correct Answer:
A
🗳️

Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites.
Which two tasks must be performed so that the Se0/0/0 interfaces on the Atlanta and Washington routers reach one another? (Choose two.)
Correct Answer:
BD
🗳️
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?
Correct Answer:
D
🗳️
If a router learns two different paths for the same network from the same routing protocol, it has to decide which route is better and will be placed in the routing table. Metric is the measure used to decide which route is better (lower number is better). Each routing protocol uses its own metric.
For example, RIP uses hop counts as a metric, while OSPF uses cost.
Reference:
https://study-ccna.com/administrative-distance-metric/
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?
Correct Answer:
D
🗳️

Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?
Correct Answer:
D
🗳️
The destination IP addresses match all four entries in the routing table but the 192.168.16.0/27 has the longest prefix so it will be chosen. This is called the
ג€longest prefix matchג€ rule.

Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond?
Correct Answer:
D
🗳️
Our new static default route has the Administrative Distance (AD) of 120, which is bigger than the AD of OSPF External route (O*E2) so it will not be pushed into the routing table until the current OSPF External route is removed.
For your information, if you don't type the AD of 120 (using the command ג€ip route 0.0.0.0 0.0.0.0 10.13.0.1ג€) then the new static default route would replace the
OSPF default route as the default AD of static route is 1. You will see such line in the routing table:
S* 0.0.0.0/0 [1/0] via 10.13.0.1
Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.)
Correct Answer:
DF
🗳️
This question is to examine the conditions for OSPF to create neighborhood. So as to make the two routers become neighbors, each router must be matched with the following items:
1. The area ID and its types
2. Hello and failure time interval timer
3. OSPF Password (Optional)

Refer to the exhibit. Which command configures a floating static route to provide a backup to the primary link?
Correct Answer:
A
🗳️

Refer to the exhibit. An engineer configured the New York router with static routes that point to the Atlanta and Washington sites. Which command must be configured on the Atlanta and Washington routers so that both sites are able to reach the loopback2 interface on the New York router?
Correct Answer:
A
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3s/iri-xe-3s-book/ip6-route-static-xe.html#GUID-85796C3A-3143-4DF7-B9D0-
8EC87D0DB08B
What is the effect when loopback interfaces and the configured router ID are absent during the OSPF Process configuration?
Correct Answer:
D
🗳️

Refer to the exhibit. What is the metric of the route to the 192.168.10.33/28 subnet?
Correct Answer:
E
🗳️

Refer to the exhibit. Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15. What is the next hop to the destination address?
Correct Answer:
A
🗳️
The router will choose the route will the longest matching prefix, in this case that is 10.0.1.0.28.
When the active router in a VRRP group fails, which router assumes the role and forwards packets?
Correct Answer:
C
🗳️
Which action does the router take as it forwards a packet through the network?
Correct Answer:
C
🗳️
Reference:
https://www.freeccnastudyguide.com/study-guides/ccna/ch4/ip-routing/

Refer to the exhibit. Which two prefixes are included in this routing table entry? (Choose two.)
Correct Answer:
AB
🗳️
Which virtual MAC address is used by VRRP group 1?
Correct Answer:
D
🗳️
What is the purpose of using First Hop Redundancy Protocol on a specific subnet?
Correct Answer:
B
🗳️
The routers in the FHRP group share a virtual MAC and Virtual IP and that acts as the Default Gateway for the HOSTS. It provides redundancy is case a router fails, no need to change the default gateway information.
Refer to the exhibit. Which configuration issue is preventing the OSPF neighbor relationship from being established between the two routers?
Correct Answer:
C
🗳️

Refer to the exhibit. When router R1 is sending traffic to IP address 10.56.192.1, which interface or next hop address does it use to route the packet?
Correct Answer:
A
🗳️

Refer to the exhibit. Load-balanced traffic is coming in from the WAN destined to a host at 172.16.1.190. Which next-hop is used by the router to forward the request?
Correct Answer:
C
🗳️
What is a benefit of VRRP?
Correct Answer:
A
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/addr_serv/configuration/guide/ic40crs1book_chapter10.html

Refer to the exhibit. Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which commands on R3 configure it as the DR in the
10.0.4.0/24 network?
Correct Answer:
D
🗳️
In the case of OSPF, 0 means you will never be elected as DR or BDR. Default priority is 1. Highest priority will be elected as the DR.

Refer to the exhibit. A network engineer must configure R1 so that it sends all packets destined to the 10.0.0.0/24 network to R3, and all packets destined to PC1 to R2. Which configuration must the engineer implement?
Correct Answer:
C
🗳️

Refer to the exhibit. All traffic enters the CPE router from interface Serial0/3 with an IP address of 192.168.50.1. Web traffic from the WAN is destined for a LAN network where servers are load-balanced. An IP packet with a destination address of the HTTP virtual IP of 192.168.1.250 must be forwarded. Which routing table entry does the router use?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor relationship with neighbor 172.1.1.1. The output displays the status of the adjacency after 2 hours. What is the next step in the configuration process for the routers to establish an adjacency?
Correct Answer:
A
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13684-12.html#neighbors

Refer to the exhibit. Which two configurations must the engineer apply on this network so that R1 becomes the DR? (Choose two.)
Correct Answer:
AC
🗳️

Refer to the exhibit. Which command configures OSPF on the point-to-point link between routers R1 and R2?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer is in the process of establishing IP connectivity between two sites. Routers R1 and R2 are partially configured with IP addressing. Both routers have the ability to access devices on their respective LANs. Which command set configures the IP connectivity between devices located on both LANs in each site?
Correct Answer:
D
🗳️

Refer to the exhibit. Which next-hop IP address does Router1 use for packets destined to host 10.10.13.158?
Correct Answer:
A
🗳️

Refer to the exhibit. Packets received by the router from BGP enter via a serial interface at 209.165.201.1. Each route is present within the routing table. Which interface is used to forward traffic with a destination IP of 10.1.1.19?
Correct Answer:
A
🗳️

Refer to the exhibit. Which route must be configured on R1 so that OSPF routing is used when OSPF is up, but the server is still reachable when OSPF goes down?
Correct Answer:
A
🗳️
This is an example of a floating static route when the Administrative Distance must be greater than the primary route. Currently the OSPF AD for the route is 110, so if that route was to go away then this route with an AD of 125 would be used.

Refer to the exhibit. What is the next hop for traffic entering R1 with a destination of 10.1.2.126?
Correct Answer:
A
🗳️

Refer to the exhibit. Which prefix did router R1 learn from internal EIGRP?
Correct Answer:
D
🗳️

Refer to the exhibit. R5 is the current DR on the network, and R4 is the BDR. Their interfaces are flapping, so a network engineer wants the OSPF network to elect a different DR and BDR. Which set of configurations must the engineer implement?
Correct Answer:
C
🗳️

Refer to the exhibit. Web traffic is coming in from the WAN interface. Which route takes precedence when the router is processing traffic destined for the LAN network at 10.0.10.0/24?
Correct Answer:
A
🗳️

Refer to the exhibit. A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What is the subnet mask of the destination route?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence must be configured?
Correct Answer:
B
🗳️
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1. The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?
Correct Answer:
D
🗳️

Refer to the exhibit. Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?
Correct Answer:
B
🗳️

Refer to the exhibit. A company is configuring a failover plan and must implement the default routes in such a way that a floating static route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be used?
Correct Answer:
A
🗳️
The primary route should use the default administrative distance, since the AD for static routes is 1.
OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied to router R1 to avoid a DR'BDR election?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the management network must be blocked from pinging the default gateway of the new server. Which command must be configured on R1 to complete the task?
Correct Answer:
C
🗳️
By specifying the outgoing interface and not the next hop IP address, the Management devices will be able to ping the new server, but not the default gateway of the server.

Refer to the exhibit. Router R1 currently is configured to use R3 as the primary route to the internet, and the route uses the default administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?
Correct Answer:
D
🗳️

Refer to the exhibit. Which action must be taken to ensure that router A is elected as the DR for OSPF area 0?
Correct Answer:
A
🗳️

Refer to the exhibit. Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within the routing table. Which interface is used to forward traffic with a destination IP of 10.10 10 24?
Correct Answer:
B
🗳️

Refer to the exhibit. If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?
Correct Answer:
D
🗳️

Refer to the exhibit. Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10 10.0.0/16.
Which interface will R1 choose to send traffic to reach the route?
Correct Answer:
B
🗳️

Refer to the exhibit. Which network prefix was learned via EIGRP?
Correct Answer:
D
🗳️

Refer to the exhibit. Which command must be issued to enable a floating static default route on router A?
Correct Answer:
A
🗳️

Refer to the exhibit. Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging OSPF information between routers?
Correct Answer:
C
🗳️

Refer to the exhibit. When an administrator executes the show ip route command on router D to view its routing table, which value is displayed for the administrative distance for the route to network 192.168 1.0?
Correct Answer:
A
🗳️

Refer to the exhibit Routers R1 and R2 have been configured with their respective LAN interfaces. The two circuits are operational and reachable across WAN.
Which command set establishes failover redundancy if the primary circuit goes down?
Correct Answer:
D
🗳️

Refer to the exhibit. R1 learns all routes via OSPF. Which command configures a backup static route on R1 to reach the 192.168.20 0/24 network via R3?
Correct Answer:
A
🗳️

Refer to the exhibit. R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer implement so that R1 is elected as the DR?
Correct Answer:
D
🗳️
Which SDN plane forwards user-generated traffic?
Correct Answer:
D
🗳️
An application in the network is being scaled up from 300 servers to 600. Each server requires 3 network connections to support production, backup, and management traffic. Each connection resides on a different subnet. The router configuration for the production network must be configured first using a subnet in the 10.0.0.0/8 network. Which command must be configured on the interface of the router to accommodate the requirements and limit wasted IP address space?
Correct Answer:
A
🗳️

Refer to the exhibit. Which interface is chosen to forward traffic to the host at 192.168.0.55?
Correct Answer:
C
🗳️

Refer to the exhibit. The administrator must configure a floating static default route that points to 2001:db8:1234:2::1 and replaces the current default route only if it fails. Which command must the engineer configure on the CPE?
Correct Answer:
A
🗳️

Refer to the exhibit. Router OldR is replacing another router on the network with the intention of having OldR and R2 exchange routes. After the engineer applied the initial OSPF configuration, the routes were still missing on both devices. Which command sequence must be issued before the clear IP ospf process command is entered to enable the neighbor relationship?
Correct Answer:
D
🗳️
With OSPF each router must have a unique router ID. Here we see that both routers have a router ID of 192.168.1.1. Removing the router-id command on the
OldR will force it to use one of its actual interface IP addresses as the router ID.
DRAG DROP -
Refer to the exhibit. Drag and drop the prefix lengths from the left onto the corresponding prefixes on the right. Not all prefixes are used.
Select and Place:
Correct Answer:

Refer to the exhibit. What is the subnet mask for route 172.16.4.0?
Correct Answer:
C
🗳️

Refer to the exhibit. A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that resides on R86. Which command must be used to fulfill the request?
Correct Answer:
B
🗳️

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the network. After the initial configuration is applied, it is determined that R2 failed to show R1 as a neighbor. Which configuration must be applied to R2 to complete the OSPF configuration and enable it to establish the neighbor relationship with R1?
Correct Answer:
C
🗳️
For OSPF the hello and dead timers must match to become neighbors. R1 is configured with a dead time of 40 seconds, while R2 is set to 45 seconds.

Refer to the exhibit. All interfaces are configured with duplex auto and ip ospf network broadcast. Which configuration allows routers R14 and R86 to form an
OSPFv2 adjacency and act as a central point for exchanging OSPF information between routers?
Correct Answer:
A
🗳️
A packet from a company's branch office is destined to host 172.31.0.1 at headquarters. The sending router has three possible matches in its routing table for the packet: prefixes 172.31.0.0/16, 172.31.0.0/24, and 172.31.0.0/25. How does the router handle the packet?
Correct Answer:
C
🗳️

Refer to the exhibit. An engineer is asked to configure router R1 so that it forms an OSPF single-area neighbor relationship with R2. Which command sequence must be implemented to configure the router?
Correct Answer:
C
🗳️

Refer to the exhibit. All routers in the network are configured. R2 must be the DR. After the engineer connected the devices, R1 was elected as the DR. Which command sequence must be configured on R2 to be elected as the DR in the network?
Correct Answer:
A
🗳️

Refer to the exhibit. The router R1 is in the process of being configured. Routers R2 and R3 are configured correctly for the new environment. Which two commands must be configured on R1 for PC1 to communicate to all PCs on the 10.10.10.0/24 network? (Choose two.)
Correct Answer:
AE
🗳️

Refer to the exhibit. What is the subnet mask of the route to the 10.10.13.160 prefix?
Correct Answer:
D
🗳️

Refer to the exhibit. Which two commands, when configured on router R1, fulfill these requirements? (Choose two.)
✑ Packets toward the entire network 2001:db8:23::/64 must be forwarded through router R2.
Packets toward host 2001:db8:23::14 preferably must be forwarded through R3.
Correct Answer:
BC
🗳️

Refer to the exhibit. Traffic from R1 to the 10.10.2.0/24 subnet uses 192.168.1.2 as its next hop. A network engineer wants to update the R1 configuration so that traffic with destination 10.10 2.1 passes through router R3, and all other traffic to the 10.10.2.0/24 subnet passes through R2. Which command must be used?
Correct Answer:
D
🗳️
Here we need to add a host route for the specific 10.10.2.1 host, which means using a subnet mask of 255.255.255.255. We also need to configure an
Administrative Distance that is less than the default OSPF AD of 115.

Refer to the exhibit. The image server and client A are running an application that transfers an extremely high volume of data between the two. An engineer is configuring a dedicated circuit between R1 and R2. Which set of commands must the engineer apply to the routers so that only traffic between the image server and client A is forces to use the new circuit?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer is checking the routing table in the main router to identify the path to a server on the network. Which route does the router use to reach the server at 192.168.2.2?
Correct Answer:
B
🗳️
Refer to the exhibit. An OSPF neighbor relationship must be configured using these guidelines:
✑ R1 is only permitted to establish a neighbor with R2.
✑ R1 will never participate in DR elections.
✑ R1 will use a router-id of 10.1.1.1.
Which configuration must be used?
A.
B.
C.
D.
Correct Answer:
A

Refer to the exhibit. What is the prefix length for the route that router1 will use to reach host A?
Correct Answer:
D
🗳️

Refer to the exhibit. After applying this configuration to router R1, a network engineer is verifying the implementation. If all links are operating normally, and the engineer sends a series of packets from PC1 to PC3, how are the packets routed?
Correct Answer:
D
🗳️

Refer to the exhibit. When router R1 receives a packet with destination IP address 10.56.0.62, through which interface does it route the packet?
Correct Answer:
A
🗳️

Refer to the exhibit. How much OSPF be configured on the GigabitEthernet0/0 interface of the neighbor device to achieve the destined neighbor relationship?
Correct Answer:
D
🗳️

An engineer just installed network 10.120.10.0/24. Which configuration must be applied to the R14 router to add the new network to its OSPF routing table?
Correct Answer:
A
🗳️
What are two benefits of FHRPs? (Choose two.)
Correct Answer:
DE
🗳️
What is the MAC address used with VRRP as a virtual address?
Correct Answer:
B
🗳️
Why would VRRP be implemented when configuring a new subnet in a multivendor environment?
Correct Answer:
B
🗳️
VRRP is the industry standards based FHRP similar to Cisco's HSRP but is supported by multiple vendors.
Why implement VRRP?
Correct Answer:
B
🗳️
Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet as their default gateway address?
Correct Answer:
B
🗳️
By default, which virtual MAC address does HSRP group 14 use?
Correct Answer:
D
🗳️

Refer to the exhibit. Router R1 is added to the network and configured with the 10.0.0.64/26 and 10.0.20.0/26 subnets. However, traffic destined for the LAN on
R3 is not accessible. Which command when executed on R1 defines a static route to reach the R3 LAN?
Correct Answer:
D
🗳️
We need to specify the destination network (10.0.15.0/24) and the next hop IP of the router to get to that network (10.0.20.3).
A router has two static routes to the same destination network under the same OSPF process. How does the router forward packets to the destination if the net- hop devices are different?
Correct Answer:
D
🗳️
Load balancing is a standard functionality of Cisco IOS Software that is available across all router platforms. It is inherent to the forwarding process in the router, and it enables a router to use multiple paths to a destination when it forwards packets. The number of paths used is limited by the number of entries that the routing protocol puts in the routing table. Four entries is the default in Cisco IOS Software for IP routing protocols except for BGP. BGP has a default of one entry.
What does the implementation of a first-hop redundancy protocol protect against on a network?
Correct Answer:
A
🗳️
Which feature or protocol is required for an IP SLA to measure UDP jitter?
Correct Answer:
D
🗳️
Refer to the exhibit. Which feature is enabled by this configuration?
Correct Answer:
C
🗳️
Which NAT term is defined as a group of addresses available for NAT use?
Correct Answer:
A
🗳️
Which command can you enter to allow Telnet to be supported in addition to SSH?
Correct Answer:
A
🗳️
Refer to the exhibit. After you apply the given configuration to a router, the DHCP clients behind the device cannot communicate with hosts outside of their subnet.
Which action is most likely to correct the problem?
Correct Answer:
D
🗳️
Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict?
Correct Answer:
A
🗳️
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.
Which command can you enter to determine the addresses that have been assigned on a DHCP Server?
Correct Answer:
C
🗳️
What is the authoritative source for an address lookup?
Correct Answer:
A
🗳️
Which command is used to verify the DHCP relay agent address that has been set up on your Cisco IOS router?
Correct Answer:
D
🗳️
Which type of information resides on a DHCP server?
Correct Answer:
A
🗳️
What are two roles of Domain Name Services (DNS)? (Choose two.)
Correct Answer:
DE
🗳️
Which Cisco IOS command will indicate that interface GigabitEthernet 0/0 is configured via DHCP?
Correct Answer:
D
🗳️
What will happen if you configure the logging trap debug command on a router?
Correct Answer:
C
🗳️
A network administrator enters the following command on a router: logging trap 3. What are three message types that will be sent to the Syslog server? (Choose three.)
Correct Answer:
BDF
🗳️
DRAG DROP -
Drag and drop the network protocols from the left onto the correct transport services on the right.
Select and Place:
Correct Answer:
A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
Correct Answer:
B
🗳️
SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:
ג€¢ An SNMP manager
ג€¢ An SNMP agent
ג€¢ A Management Information Base (MIB)
The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects.
With SNMP, the network administrator can send commands to multiple routers to do the backup.
Which command enables a router to become a DHCP client?
Correct Answer:
A
🗳️
If we want to get an IP address from the DHCP server on a Cisco device, we can use the command ג€ip address dhcpג€.
Note: The command ג€ip helper-addressג€ enables a router to become a DHCP Relay Agent.
Which function does an SNMP agent perform?
Correct Answer:
A
🗳️
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two.)
Correct Answer:
BD
🗳️
Which command must be entered when a device is configured as an NTP server?
Correct Answer:
B
🗳️
What event has occurred if a router sends a notice level message to a syslog server?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If the switch and DHCP server configurations are complete and correct, which two sets of commands must be configured on R1 and R2 to complete the task? (Choose two.)
Correct Answer:
BC
🗳️
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two.)
Correct Answer:
DE
🗳️
Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:
1. The average queue size is calculated.
2. If the average is less than the minimum queue threshold, the arriving packet is queued.
3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.
4. If the average queue size is greater than the maximum threshold, the packet is dropped.
WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times.
WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered.
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15-mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html

Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP after the NAT has taken place?
Correct Answer:
C
🗳️
If a notice-level message is sent to a syslog server, which event has occurred?
Correct Answer:
C
🗳️
Usually no action is required when a route flaps so it generates the notification syslog level message (level 5).
DRAG DROP -
Drag and drop the functions from the left onto the correct network components on the right.
Select and Place:
Correct Answer:
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two.)
Correct Answer:
AC
🗳️
To configure authentication, perform this task in privileged mode:
Step 1: Configure an authentication key pair for NTP and specify whether the key will be trusted or untrusted.
Step 2: Set the IP address of the NTP server and the public key.
Step 3: Enable NTP client mode.
Step 4: Enable NTP authentication.
Step 5: Verify the NTP configuration.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/ntp.html
What is the primary purpose of a First Hop Redundancy Protocol?
Correct Answer:
D
🗳️
An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any one of three addresses: 192.168.3.1, 192.168.3.2, or 192.168.3.3. Which configuration should be used?
Correct Answer:
D
🗳️
When the active router in an HSRP group fails, which router assumes the role and forwards packets?
Correct Answer:
C
🗳️
What protocol allows an engineer to back up 20 network router configurations globally while using the copy function?
Correct Answer:
D
🗳️
Which type of address is the public IP address of a NAT device?
Correct Answer:
C
🗳️
NAT use four types of addresses:
✑ Inside local address - The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network
Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
✑ Inside global address - A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
✑ Outside local address - The IP address of an outside host as it is known to the hosts on the inside network.
✑ Outside global address - The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Which two pieces of information can you determine from the output of the show ntp status command? (Choose two.)
Correct Answer:
BD
🗳️
Below is the output of the ג€show ntp statusג€ command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.
Which keyword in a NAT configuration enables the use of one outside IP address for multiple inside hosts?
Correct Answer:
D
🗳️
By adding the keyword ג€overloadג€ at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP address on the Internet. This is the most popular type of NAT.
An example of using ג€overloadג€ keyword is shown below:
R1(config)# ip nat inside source list 1 interface ethernet1 overload
Which feature or protocol determines whether the QOS on the network is sufficient to support IP services?
Correct Answer:
C
🗳️
IP SLA allows an IT professional to collect information about network performance in real time. Therefore it helps determine whether the QoS on the network is sufficient for IP services or not.
Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs.
In QoS, which prioritization method is appropriate for interactive voice and video?
Correct Answer:
C
🗳️
Low Latency Queuing (LLQ) is the preferred queuing policy for VoIP audio. Given the stringent delay/jitter sensitive requirements of voice and video and the need to synchronize audio and video for CUVA, priority (LLQ) queuing is the recommended for all video traffic as well. Note that, for video, priority bandwidth is generally fudged up by 20% to account for the overhead.
DRAG DROP -
Drag and drop the SNMP components from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
What is the purpose of traffic shaping?
Correct Answer:
D
🗳️
The primary reasons you would use traffic shaping are to control access to available bandwidth, to ensure that traffic conforms to the policies established for it, and to regulate the flow of traffic in order to avoid congestion that can occur when the sent traffic exceeds the access speed of its remote, target interface.
What is a function of TFTP in network operations?
Correct Answer:
A
🗳️
What is a DHCP client?
Correct Answer:
B
🗳️
Where does the configuration reside when a helper address is configured lo support DHCP?
Correct Answer:
B
🗳️
What facilitates a Telnet connection between devices by entering the device name?
Correct Answer:
B
🗳️
When deploying syslog, which severity level logs informational messages?
Correct Answer:
D
🗳️
Reference:
https://en.wikipedia.org/wiki/Syslog
DRAG DROP -
Refer to the exhibit. An engineer is configuring the router to provide static NAT for the webserver. Drag and drop the configuration commands from the left onto the letters that correspond to its position in the configuration on the fight.
Select and Place:
Correct Answer:
Which two QoS tools provide congestion management? (Choose two.)
Correct Answer:
AE
🗳️
Which QoS tool is used to optimize voice traffic on a network that is primarily intended for data traffic?
Correct Answer:
D
🗳️
An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent connection issues with the printer?
Correct Answer:
C
🗳️
Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as IP address, subnet mask, and gateway information when they associate with an access point. As a result, when passive clients are used, the controller never knows the IP address unless they use the DHCP.
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/ m_configuring_passive_clients.html
When a client and server are not on the same physical network, which device is used to forward requests and replies between client and server for DHCP?
Correct Answer:
B
🗳️

Refer to the exhibit. The ntp server 192.168.0.3 command has been configured on router 1 to make it an NTP client of router 2. Which command must be configured on router 2 so that it operates in server-only mode and relies only on its internal clock?
Correct Answer:
D
🗳️
Which protocol requires authentication to transfer a backup configuration file from a router to a remote server?
Correct Answer:
A
🗳️
Which condition must be met before an NMS handles an SNMP trap from an agent?
Correct Answer:
C
🗳️
An engineer is configuring switch SW1 to act as an NTP server when all upstream NTP server connectivity fails. Which configuration must be used?
Correct Answer:
B
🗳️
ntp server192.168.1.1 makes the SW1 a client to the primary server reachable with an IP address of 192.168.1.1
NTP server makes SW1 a server and uses its own internal clock to provide the time when the connectivity to the primary server 192.168.1.1 fails.
A network administrator must enable DHCP services between two sites. What must be configured for the router to pass DHCPDISCOVER messages on to the server?
Correct Answer:
B
🗳️
Which level of severity must be set to get informational syslogs?
Correct Answer:
D
🗳️
On workstations running Microsoft Windows, which protocol provides the default gateway for the device?
Correct Answer:
B
🗳️
Which two statements about NTP operations are true? (Choose two.)
Correct Answer:
AB
🗳️

Refer to the exhibit. Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while allowing devices on VLAN
100 to use their own IP addresses?
Correct Answer:
A
🗳️

Refer to the exhibit. Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted connections? (Choose two.)
Correct Answer:
CE
🗳️
Which command implies the use of SNMPv3?
Correct Answer:
A
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/15-e/snmp-15-e-book.pdf
R1 as an NTP server must have:
✑ NTP authentication enabled
✑ NTP packets sourced from Interface loopback 0
✑ NTP stratum 2
✑ NTP packets only permitted to client IP 209.165.200.225
How should R1 be configured?
Correct Answer:
D
🗳️
What is a capability of FTP in network management operations?
Correct Answer:
B
🗳️
Reference:
https://en.wikipedia.org/wiki/File_Transfer_Protocol#:~:text=The%20File%20Transfer%20Protocol%20(FTP,the%20client%20and%20the%20server
A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer has already configured the host name on the router. Which additional command must the engineer configure before entering the command to generate the RSA key?
Correct Answer:
C
🗳️
Reference:
https://www.letsconfig.com/how-to-configure-ssh-on-cisco-ios-devices/
Which QoS traffic handling technique retains excess packets in a queue and reschedules these packets for later transmission when the configured maximum bandwidth has been surpassed?
Correct Answer:
D
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Which command must be entered to configure a DHCP relay?
Correct Answer:
D
🗳️
Reference:
https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html#:~:text=ip%20helper%2Daddress%20address,-Example%
3A&text=Forwards%20UPD%20broadcasts%2C%20including%20BOOTP%20and%20DHCP.&text=The%20address%20argument%20can%20be,to%20respond
%20to%20DHCP%20requests

Refer to the exhibit. The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP configuration to allow clients on
VLAN 1 to receive addresses from the DHCP server?
Correct Answer:
C
🗳️
A network analyst is tasked with configuring the date and time on a router using EXEC mode. The date must be set to January 1, 2020 and the time must be set to
12:00 am. Which command should be used?
Correct Answer:
D
🗳️
Which command creates a static NAT binding for a PC address of 10.1.1.1 to the public routable address 209.165.200.225 assigned to the PC?
Correct Answer:
A
🗳️
What prevents a workstation from receiving a DHCP address?
Correct Answer:
C
🗳️
What is a feature of TFTP?
Correct Answer:
A
🗳️
Which QoS forwarding per-hop behavior changes a specific value in a packet header to set the class of service for the packet?
Correct Answer:
D
🗳️

Refer to the exhibit. How should the configuration be updated to allow PC1 and PC2 access to the Internet?
Correct Answer:
D
🗳️
What is the purpose of the ip address dhcp command?
Correct Answer:
B
🗳️

Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R4?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right.
Select and Place:
Correct Answer:
An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum configuration required to permit remote management using the cryptographic protocol?
Correct Answer:
B
🗳️
Which per-hop traffic-control feature does an ISP implement to mitigate the potential negative effects of a customer exceeding its committed bandwidth?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the QoS terms from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
Which remote access protocol provides unsecured remote CLI access?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the functions of SNMP fault-management from the left onto the definitions on the right.
Select and Place:
Correct Answer:

Refer to the exhibit. Which router or router group are NTP clients?
Correct Answer:
D
🗳️

Refer to the exhibit. What is the next step to complete the implementation for the partial NAT configuration shown?
Correct Answer:
B
🗳️
What is a syslog facility?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the functions of DHCP from the left onto any of the positions on the right. Not all functions are used.
Select and Place:
Correct Answer:

Refer to the exhibit. A newly configured PC fails to connect to the internet by using TCP port 80 to www.cisco.com. Which setting must be modified for the connection to work?
Correct Answer:
B
🗳️
Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?
Correct Answer:
B
🗳️
Use the police command to mark a packet with different quality of service (QoS) values based on conformance to the service-level agreement. Traffic policing allows you to control the maximum rate of traffic transmitted or received on an interface.
Reference:
https://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book/traffic_policing.html
Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?
Correct Answer:
D
🗳️
What is the function of FTP?
Correct Answer:
D
🗳️
How does TFTP operate in a network?
Correct Answer:
C
🗳️

Refer to the exhibit. Which plan must be implemented to ensure optimal QoS marking practices on this network?
Correct Answer:
A
🗳️
Tell the switch to trust CoS markings from a Cisco IP phone on the access port. Cisco IP phones use 802.1q tags, these .1q tags contain the CoS value, to mark voice traffic at layer 2. When it's forwarded upstream, the DSCP value is trusted (on the uplink port) and unchanged, but the .1q tag (and with it the CoS value) is stripped off by the upstream switch when received over the trunk.
How does QoS optimize voice traffic?
Correct Answer:
C
🗳️
Which QoS tool can you use to optimize voice traffic on a network that is primarily intended for data traffic?
Correct Answer:
C
🗳️

Refer to the exhibit. Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to the Internet for users in VLAN 200?
Correct Answer:
D
🗳️
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphones. How is the application secured in the case of a user's smartphone being lost or stolen?
Correct Answer:
A
🗳️
Which device performs stateful inspection of traffic?
Correct Answer:
B
🗳️
A network administrator enabled port security on a switch interface connected to a printer. What is the next configuration action in order to allow the port to learn the MAC address of the printer and insert it into the table automatically?
Correct Answer:
C
🗳️

Refer to the exhibit. An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable privilege mode via Telnet using a local username and password?
Correct Answer:
B
🗳️
Which effect does the aaa new-model configuration command have?
Correct Answer:
A
🗳️
Refer to the exhibit. Which two events occur on the interface, if packets from an unknown Source address arrive after the interface learns the maximum number of secure MAC address? (Choose two.)
Correct Answer:
AE
🗳️
Which technology must be implemented to configure network device monitoring with the highest security?
Correct Answer:
D
🗳️
Refer to the exhibit. Which two statements about the interface that generated the output are true? (Choose two.)
Correct Answer:
AC
🗳️
Refer to the exhibit. Which statement about the interface that generated the output is true?
Correct Answer:
B
🗳️

Refer to the exhibit. What is the effect of this configuration?
Correct Answer:
C
🗳️
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.
What is the difference between AAA authentication and authorization?
Correct Answer:
A
🗳️
AAA stands for Authentication, Authorization and Accounting.
✑ Authentication: Specify who you are (usually via login username & password)
✑ Authorization: Specify what actions you can do, what resource you can access
✑ Accounting: Monitor what you do, how long you do it (can be used for billing and auditing)
An example of AAA is shown below:
✑ Authentication: ג€I am a normal user. My username/password is user_tom/learnforeverג€
✑ Authorization: ג€user_tom can access LearnCCNA server via HTTP and FTPג€
✑ Accounting: ג€user_tom accessed LearnCCNA server for 2 hoursג€. This user only uses ג€showג€ commands.
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.)
Correct Answer:
BC
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/multi-preshared-key.pdf
DRAG DROP -
Drag and drop the AAA functions from the left onto the correct AAA services on the right.
Select and Place:
Correct Answer:
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two.)
Correct Answer:
CD
🗳️
An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe, but the link may have contained malicious code.
Which type of security program is in place?
Correct Answer:
A
🗳️
This is a training program which simulates an attack, not a real attack (as it says ג€The webpage that opens reports that it was safeג€) so we believed it should be called a ג€user awarenessג€ program. Therefore the best answer here should be ג€user awarenessג€. This is the definition of ג€User awarenessג€ from CCNA 200-301
Offical Cert Guide Book:
ג€User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents. ג€
Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked.
DRAG DROP -
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.
Select and Place:
Correct Answer:
Layer 2 Security Mechanism includes WPA+WPA2, 802.1X, Static WEP, CKIP while Layer 3 Security Mechanisms (for WLAN) includes IPSec, VPN Pass-
Through, Web Passthrough ג€¦
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?
Correct Answer:
B
🗳️
Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used.
Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109669-secure-wlc.html
Which set of actions satisfy the requirement for multifactor authentication?
Correct Answer:
C
🗳️
This is an example of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user's second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.
Which configuration is needed to generate an RSA key for SSH on a router?
Correct Answer:
C
🗳️

Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.
Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)
Correct Answer:
AD
🗳️
An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?
Correct Answer:
B
🗳️
Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options. TKIP is actually an older encryption protocol introduced with
WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated. In other words, you shouldn't be using it.
AES is a more secure encryption protocol introduced with WPA2 and it is currently the strongest encryption type for WPA2-PSK/.
DRAG DROP -
Drag and drop the attack-mitigation techniques from the left onto the types of attack that they mitigate on the right.
Select and Place:
Correct Answer:
Refer to the exhibit. Which configuration for RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?
A.
B.
C.
D.
Correct Answer:
B
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)
Correct Answer:
BE
🗳️
Traffic might be permitted if the permit statement is too braid, meaning that you are allowing more traffic than what is specifically needed, or if the matching permit statement is placed ahead of the deny traffic. Routers will look at traffic and compare it to the ACL and once a match is found, the router acts accordingly to that rule.
The service password-encryption command is entered on a router. What is the effect of this configuration?
Correct Answer:
A
🗳️
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?
Correct Answer:
A
🗳️
Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface fastethernet 0/1?
Correct Answer:
C
🗳️
Refer to the exhibit. An administrator configures four switches for local authentication using passwords that are stored as a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements?
Correct Answer:
C
🗳️

Refer to the exhibit. What is the effect of this configuration?
Correct Answer:
A
🗳️
Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking.
When a site-to-site VPN is used, which protocol is responsible for the transport of user data?
Correct Answer:
A
🗳️
A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. A site-to-site
VPN means that two sites create a VPN tunnel by encrypting and sending data between two devices. One set of rules for creating a site-to-site VPN is defined by
IPsec.
Which type of wireless encryption is used for WPA2 in preshared key mode?
Correct Answer:
C
🗳️
We can see in this picture we have to type 64 hexadecimal characters (256 bit) for the WPA2 passphrase so we can deduce the encryption is AES-256, not AES-
128.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html
DRAG DROP -
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.
Select and Place:
Correct Answer:
Double-Tagging attack:
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).
When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed.
Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.
Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.
To mitigate this type of attack, you can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic to specific victims/servers) or implement Private VLANs.
ARP attack (like ARP poisoning/spoofing) is a type of attack in which a malicious actor sends falsified ARP messages over a local area network as ARP allows a gratuitous reply from a host even if an ARP request was not received. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP which is at Layer 2. Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network which can be used to mitigate this type of attack.
Which command prevents passwords from being stored in the configuration as plain text on a router or switch?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes the task?
A.
B.
C.
D.
Correct Answer:
D
In which two ways does a password manager reduce the chance of a hacker stealing a user's password? (Choose two.)
Correct Answer:
AE
🗳️
Which goal is achieved by the implementation of private IPv4 addressing on a network?
Correct Answer:
A
🗳️
Which type of attack is mitigated by dynamic ARP inspection?
Correct Answer:
C
🗳️
What is a function of a remote access VPN?
Correct Answer:
D
🗳️
What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two.)
Correct Answer:
DE
🗳️

Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
Correct Answer:
D
🗳️
Already a statement is there in last to allow SSH Traffic for network 10.20.1.0 0.0.0.127, but Second statement says deny ip any 10.20.1.0 0.0.0.255, so how it will work once it is denied. So the right answer is remove the --- no access-list 2699 deny ip any 10.20.1.0 0.0.0.255.
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
Correct Answer:
C
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html
What is a practice that protects a network from VLAN hopping attacks?
Correct Answer:
C
🗳️
Where does a switch maintain DHCP snooping information?
Correct Answer:
D
🗳️
A network administrator must configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client. Which configuration, when applied, meets the requirements?
Correct Answer:
D
🗳️
When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI, which format is supported?
Correct Answer:
B
🗳️

Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?
Correct Answer:
D
🗳️
Which two protocols must be disabled to increase security for management connections to a Wireless LAN Controller? (Choose two.)
Correct Answer:
CD
🗳️
Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?
Correct Answer:
A
🗳️
Which function is performed by DHCP snooping?
Correct Answer:
B
🗳️
DRAG DROP -
An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured. Drag and drop the configuration commands from the left into the correct sequence on the right. Not all commands are used.
Select and Place:
Correct Answer:
Which protocol is used for secure remote CLI access?
Correct Answer:
D
🗳️
Which implementation provides the strongest encryption combination for the wireless environment?
Correct Answer:
D
🗳️
What does physical access control regulate?
Correct Answer:
A
🗳️
A network engineer is asked to configure VLANS 2, 3, and 4 for a new implementation. Some ports must be assigned to the new VLANS with unused ports remaining. Which action should be taken for the unused ports?
Correct Answer:
C
🗳️
When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?
Correct Answer:
B
🗳️
What mechanism carries multicast traffic between remote sites and supports encryption?
Correct Answer:
D
🗳️

Refer to the exhibit. An access-list is required to permit traffic from any host on interface Gi0/0 and deny traffic from interface Gi0/1. Which access list must be applied?
Correct Answer:
A
🗳️

Refer to the exhibit. Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two.)
Correct Answer:
BC
🗳️
Which service is missing when RADIUS is selected to provide management access to the WLC?
Correct Answer:
D
🗳️
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
With RADIUS only the password is encrypted while the other information such as username, accounting information, etc are not encrypted. Encryption is "the process of converting information or data into a code, especially to prevent unauthorized access". So since RADIUS only encrypts the passwords, there is no confidentiality.
Which action implements physical access control as part of the security program of an organization?
Correct Answer:
B
🗳️
Which field within the access-request packet is encrypted by RADIUS?
Correct Answer:
B
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html
A Cisco engineer is configuring a factory-default router with these three passwords:
✑ The user EXEC password for console access is p4ssw0rd1.
✑ The user EXEC password for Telnet access is s3cr3t2.
✑ The password for privileged EXEC mode is priv4t3p4ss.
Which command sequence must the engineer configure?
Correct Answer:
D
🗳️
DRAG DROP -
An engineer is tasked to configure a switch with port security to ensure devices that forward unicasts, multicasts, and broadcasts are unable to flood the port. The port must be configured to permit only two random MAC addresses at a time. Drag and drop the required configuration commands from the left onto the sequence on the right. Not all commands are used.
Select and Place:
Correct Answer:
What is a function of Opportunistic Wireless Encryption in an environment?
Correct Answer:
B
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-12/config-guide/b_wl_16_12_cg/wpa3.html
DRAG DROP -
Drag and drop the AAA features from the left onto the corresponding AAA security services on the right. Not all options are used.
Select and Place:
Correct Answer:

Refer to the exhibit. Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?
Correct Answer:
D
🗳️

Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?
Correct Answer:
B
🗳️
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/wlan/configuration_guide/b_wlan_3se_5700_cg/ b_wlan_3se_5700_cg_chapter_01000.pdf
Which encryption method is used by WPA3?
Correct Answer:
C
🗳️
Which type of traffic is sent with pure IPsec?
Correct Answer:
C
🗳️
How does authentication differ from authorization?
Correct Answer:
B
🗳️
An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration for a Secure Shell access RSA key?
Correct Answer:
B
🗳️
Which type if network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?
Correct Answer:
A
🗳️
Which two components comprise part of a PKI? (Choose two.)
Correct Answer:
CD
🗳️
DRAG DROP -
Drag and drop the descriptions of AAA services from the left onto the corresponding services on the right.
Select and Place:
Correct Answer:
After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local username and password.
Which configuration must the engineer apply to accomplish this task?
Correct Answer:
A
🗳️
Which wireless security protocol relies on Perfect Forward Secrecy?
Correct Answer:
A
🗳️
What is a zero-day exploit?
Correct Answer:
C
🗳️
A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards including replacing.
Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches?
(Choose two.)
Correct Answer:
AC
🗳️
What are two examples of multifactor authentication? (Choose two.)
Correct Answer:
BC
🗳️
Which characteristic differentiates the concept of authentication from authorization and accounting?
Correct Answer:
B
🗳️
What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?
Correct Answer:
A
🗳️
What is a feature of WPA?
Correct Answer:
A
🗳️
Which two practices are recommended for an acceptable security posture in a network? (Choose two.)
Correct Answer:
DE
🗳️
How does WPA3 improve security?
Correct Answer:
A
🗳️
What is a function of a Next-Generation IPS?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the statements about AAA from the left onto the corresponding AAA services on the right. Not all options are used.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right.
Select and Place:
Correct Answer:
Which IPsec transport mode encrypts the IP header and the payload?
Correct Answer:
D
🗳️
What is the default port-security behavior on a trunk link?
Correct Answer:
A
🗳️
Which device separates networks by security domains?
Correct Answer:
B
🗳️
How are VLAN hopping attacks mitigated?
Correct Answer:
A
🗳️
Which enhancements were implemented as part of WPA3?
Correct Answer:
A
🗳️
When a site-to-site VPN is configured which IPsec mode provides encapsulation and encryption of the entire original IP packet?
Correct Answer:
D
🗳️
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?
Correct Answer:
A
🗳️
In an SDN architecture, which function of a network node is centralized on a controller?
Correct Answer:
C
🗳️
A controller, or SDN controller, centralizes the control of the networking devices. The degree of control, and the type of control, varies widely. For instance, the controller can perform all control plane functions (such as making routing decisions) replacing the devices' distributed control plane.
Reference:
https://www.ciscopress.com/articles/article.asp?p=2995354&seqNum=2#:~:text=A%20controller%2C%20or%20SDN%20controller,the%20devices'%
20distributed%20control%20plane
Which management security process is invoked when a user logs in to a network device using their username and password?
Correct Answer:
A
🗳️

Refer to the exhibit. What are the two steps an engineer must take to provide the highest encryption and authentication using domain credentials from LDAP?
(Choose two.)
Correct Answer:
CD
🗳️
Which enhancement is implemented in WPA3?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right.
Select and Place:
Correct Answer:

SW1 supports connectivity for a lobby conference room and must be secured. The engineer must limit the connectivity from PC1 to the SW1 and SW2 network.
The MAC addresses allowed must be limited to two. Which configuration secures the conference room connectivity?
Correct Answer:
A
🗳️

Refer to the exhibit. An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)
Correct Answer:
CD
🗳️
Which port security violation mode allows from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?
Correct Answer:
C
🗳️
A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?
Correct Answer:
B
🗳️
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/200295-Install-a-3rd-party-CA-certificate-in-IS.html
Which two wireless security standards use counter mode cipher block chaining Message Authentication Code Protocol for encryption and data integrity? (Choose two.)
Correct Answer:
BC
🗳️
A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be configured?
Correct Answer:
A
🗳️
What is a practice that protects a network from VLAN hopping attacks?
Correct Answer:
C
🗳️
An administrator must use the password complexity not manufacturer-name command to prevent users from adding `Cisco` as a password. Which command must be issued before this command?
Correct Answer:
C
🗳️
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine?
Correct Answer:
D
🗳️
Below are the 3 cloud supporting services cloud providers provide to customer:
✑ SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients' side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.
✑ PaaS (Platform as a Service): are used for applications, and other development, while providing cloud components to software. What developers gain with
PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications.
✑ IaaS (Infrastructure as a Service): self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing.
In general, IaaS provides hardware so that an organization can install their own operating system.
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?
Correct Answer:
B
🗳️
Which purpose does a northbound API serve in a controller-based networking architecture?
Correct Answer:
A
🗳️
What benefit does controller-based networking provide versus traditional networking?
Correct Answer:
A
🗳️
What is an advantage of Cisco DNA Center versus traditional campus device management?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the characteristics of networking from the left onto the correct networking types on the right.
Select and Place:
Correct Answer:
What are two fundamentals of virtualization? (Choose two.)
Correct Answer:
AB
🗳️
How does Cisco DNA Center gather data from the network?
Correct Answer:
D
🗳️
Which statement compares traditional networks and controller-based networks?
Correct Answer:
A
🗳️
Most traditional devices use a distributed architecture, in which each control plane is resided in a networking device. Therefore, they need to communicate with each other via messages to work correctly.
In contrast to distributed architecture, centralized (or controller-based) architectures centralizes the control of networking devices into one device, called SDN controller.
What are two benefits of network automation? (Choose two.)
Correct Answer:
BC
🗳️
Which two encoding methods are supported by REST APIs? (Choose two.)
Correct Answer:
CD
🗳️
The Application Policy Infrastructure Controller (APIC) REST API is a programmatic interface that uses REST architecture. The API accepts and returns HTTP
(not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/ b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html
What are two characteristics of a controller-based network? (Choose two.)
Correct Answer:
CE
🗳️
Which output displays a JSON data representation?
A.
B.
C.
D.
Correct Answer:
C
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:
ג€nameג€:ג€Markג€
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null. For example:
{
ג€nameג€:ג€Johnג€,
ג€ageג€:30,
ג€carsג€:[ ג€Fordג€, ג€BMWג€, ג€Fiatג€ ]
}
JSON can have empty object like ג€taskIdג€:{}
DRAG DROP -
Drag and drop the descriptions from the left onto the configuration-management technologies on the right.
Select and Place:
Correct Answer:
The focus of Ansible is to be streamlined and fast, and to require no node agent installation. Thus, Ansible performs all functions over SSH. Ansible is built on
Python, in contrast to the Ruby foundation of Puppet and Chef.
TCP port 10002 is the command port. It may be configured in the Chef Push Jobs configuration file . This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs server.
Puppet is an open-source configuration management solution, which is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby
(ERB) templates to create custom Puppet language files, offering a declarative-paradigm programming approach.
A Puppet piece of code is called a manifest, and is a file with .pp extension.
Which two capabilities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two.)
Correct Answer:
AC
🗳️
Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities:
✑ Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for
IT and business innovation.
✑ Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes.
✑ Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment.
✑ SDKs allow management to be extended to third-party vendor's network devices to offer support for diverse environments.
Reference:
https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-cent-platf-aag-cte-en.html
DRAG DROP -
Drag and drop the descriptions of device management from the left onto the types of device management on the right.
Select and Place:
Correct Answer:
What software-defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?
Correct Answer:
B
🗳️
What are two benefits of controller-based networking compared to traditional networking? (Choose two.)
Correct Answer:
BD
🗳️
Which type of API allows SDN controllers to dynamically make changes to the network?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the AAA terms from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
Which option about JSON is true -
Correct Answer:
B
🗳️
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:
ג€nameג€:ג€Markג€
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null..
For example:
{
ג€nameג€:ג€Johnג€,
ג€ageג€:30,
ג€carsג€:[ ג€Fordג€, ג€BMWג€, ג€Fiatג€ ]
}
Which option best describes an API?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the characteristics of a cloud environment from the left onto the correct examples on the right.
Select and Place:
Correct Answer:
Which of the following is the JSON encoding of a dictionary or hash?
Correct Answer:
A
🗳️
Which role does a hypervisor provide for each virtual machine in server virtualization?
Correct Answer:
C
🗳️
What is the function of a server?
Correct Answer:
B
🗳️
Which CRUD operation modifies an existing table or view?
Correct Answer:
B
🗳️
In software-defined architectures, which plane is distributed and responsible for traffic forwarding?
Correct Answer:
C
🗳️
Refer to the exhibit. Which type of configuration is represented in the output?
Correct Answer:
D
🗳️
Reference:
https://forge.puppet.com/modules/puppetlabs/ciscopuppet/1.0.0
Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?
Correct Answer:
A
🗳️
What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?
Correct Answer:
C
🗳️
What uses HTTP messages to transfer data to applications residing on different hosts?
Correct Answer:
C
🗳️
Which JSON data type is an unordered set of attribute-value pairs?
Correct Answer:
D
🗳️
Which protocol is used in Software Defined Access (SDA) to provide a tunnel between two edge nodes in different fabrics?
Correct Answer:
C
🗳️
Which plane is centralized by an SDN controller?
Correct Answer:
D
🗳️
Where is the interface between the control plane and data plane within the software-defined architecture?
Correct Answer:
D
🗳️
Why would a network administrator choose to implement automation in a network environment?
Correct Answer:
A
🗳️
Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two.)
Correct Answer:
AD
🗳️
Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.)
Correct Answer:
AE
🗳️
In software-defined architecture, which plane handles switching for traffic through a Cisco router?
Correct Answer:
B
🗳️
What are two southbound APIs? (Choose two.)
Correct Answer:
DE
🗳️
OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should interact with the forwarding plane to make adjustments to the network, so it can better adapt to changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install, manipulate and delete configuration to network devices.
Other southbound APIs are:
ג€¢ onePK: a Cisco proprietary SBI to inspect or modify the network element configuration without hardware upgrades.
ג€¢ OpFlex: an open-standard, distributed control system. It send ג€summary policyג€ to network elements.
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
Correct Answer:
D
🗳️
Which API is used in controller-based architectures to interact with edge devices?
Correct Answer:
A
🗳️
DRAG DROP -
Drag and drop the statements about networking from the left onto the corresponding networking types on the right.
Select and Place:
Correct Answer:

Refer to the exhibit. What is represented beginning with line 1 and ending with line 5?
Correct Answer:
A
🗳️
Which CRUD operation corresponds to the HTTP GET method?
Correct Answer:
B
🗳️
Reference:
https://hub.packtpub.com/crud-operations-rest/
What differentiates device management enabled by Cisco DNA Center from traditional campus device management?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the statements about networking from the left onto the corresponding networking types on the right.
Select and Place:
Correct Answer:
Which two REST API status-code classes represent errors? (Choose two.)
Correct Answer:
DE
🗳️
How do servers connect to the network in a virtual environment?
Correct Answer:
D
🗳️
What is the function of the controller in a software-defined network?
Correct Answer:
C
🗳️
DRAG DROP -
Drag and drop the HTTP methods used with REST-based APIs from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
What is a function of a southbound API?
Correct Answer:
C
🗳️
Which script paradigm does Puppet use?
Correct Answer:
D
🗳️
Which set of methods is supported with the REST API?
Correct Answer:
C
🗳️
Which technology is appropriate for communication between an SDN controller end applications running over the network?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop each characteristic of device-management technologies from the left onto the deployment type on the right.
Select and Place:
Correct Answer:
What is the function of `off-the-shelf` switches in a controller-based network?
Correct Answer:
B
🗳️
Which REST method updates an object in the Cisco DNA Center Intent API?
Correct Answer:
D
🗳️

Refer to the exhibit. How many JSON objects are represented?
Correct Answer:
D
🗳️
Which definition describes JWT in regard to REST API security?
Correct Answer:
C
🗳️

Refer to the exhibit. What is identified by the word `switch` within line 2 of the JSON Schema?
Correct Answer:
D
🗳️

Refer to the exhibit. Which type of JSON data is shown?
Correct Answer:
D
🗳️
DRAG DROP -
Drag and drop the characteristics from the left onto the technology types on the right.
Select and Place:
Correct Answer:
Which communication interaction takes place when a southbound API is used?
Correct Answer:
B
🗳️
What are two characteristics of a public cloud implementation? (Choose two.)
Correct Answer:
AC
🗳️
DRAG DROP -
Drag and drop the descriptions from the left on to the correct configuration-management technologies on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the REST API call methods for HTTP from the left onto the actions they perform on the right. Not all methods are used.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the REST principles from the left onto their definitions on the right.
Select and Place:
Correct Answer:
DRAG DROP -
Drag and drop the Ansible terms from the left onto the right.
Select and Place:
Correct Answer:

Refer to the exhibit. How many objects keys, and JSON list values are present?
Correct Answer:
B
🗳️
Which two primary drivers support the need for network automation? (Choose two.)
Correct Answer:
CE
🗳️
What is an expected outcome when network management automation is deployed?
Correct Answer:
D
🗳️

Refer to the exhibit. What is represented by `R1` and `SW1` within the JSON output?
Correct Answer:
B
🗳️
DRAG DROP -
Drag and drop the statements about networking from the left onto the corresponding networking types on the right.
Select and Place:
Correct Answer:
Which HTTP status code is returned after a successful REST API request?
Correct Answer:
A
🗳️
With REST API, which standard HTTP header tells a server which media type is expected by the client?
Correct Answer:
D
🗳️

Refer to the exhibit. How many objects are present in the given JSON-encoded data?
Correct Answer:
C
🗳️
What is the purpose of the Cisco DNA Center controller?
Correct Answer:
A
🗳️
Cisco DNA Center is a powerful network controller and management dashboard for secure access to networks and applications. It lets you take charge of your network, optimize your Cisco investment, and lower your IT spending.
Reference:
https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-so-cte-en.html
What is the function of the controller in a software-defined network?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line but not from show running-config. Which command completes the configuration?
Correct Answer:
B
🗳️
Which statement identifies the functionality of virtual machines?
Correct Answer:
B
🗳️
Which network plane is centralized and manages routing decisions?
Correct Answer:
D
🗳️
What is a benefit of using private IPv4 addressing?
Correct Answer:
A
🗳️

Refer to the exhibit. A network engineer must provide configured IP addressing details to investigate a firewall rule issue. Which subnet and mask identify what is configured on the en0 interface?
Correct Answer:
C
🗳️
What are two characteristics of a small office / home office connection environment? (Choose two.)
Correct Answer:
BD
🗳️
Which element of a virtualization solution manages virtualized services and enables connections between virtualized services and external interfaces?
Correct Answer:
C
🗳️
Which group of channels in the 802.11b/gin/ac/ax 2.4 GHz frequency bands are nonoverlapping channels?
Correct Answer:
B
🗳️
What is a function of Layer 3 switches?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the RF terms from the left onto the corresponding statements on the right.
Correct Answer:
Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules and another switch using 1000 BASE-SX SFP modules?
Correct Answer:
D
🗳️
DRAG DROP
-
Drag and drop the virtualization concepts from the left onto the matching statements on the right.
Correct Answer:
What is a benefit of a point-to-point leased line?
Correct Answer:
C
🗳️
Why is TCP desired over UDP for applications that require extensive error checking, such as HTTPS?
Correct Answer:
A
🗳️
Which component controls and distributes physical resources for each virtual machine?
Correct Answer:
A
🗳️
What is the role of nonoverlapping channels in a wireless environment?
Correct Answer:
B
🗳️
What are two advantages of implementing a controller-based architecture instead of traditional network architecture? (Choose two.)
Correct Answer:
DE
🗳️
What is the purpose of the service-set identifier?
Correct Answer:
B
🗳️
Which is a fact related to FTP?
Correct Answer:
C
🗳️
How do UTP and STP cables compare?
Correct Answer:
B
🗳️
What are two disadvantages of a full-mesh topology? (Choose two.)
Correct Answer:
AD
🗳️
DRAG DROP
-
Drag and drop the wireless standards from the left onto the number of nonoverlapping channels they support on the right.
Correct Answer:
Which technology allows for multiple operating systems to be run on a single host computer?
Correct Answer:
D
🗳️
Why would an administrator choose to implement an automated network management solution?
Correct Answer:
A
🗳️
What is a function of the core and distribution layers in a collapsed-core architecture?
Correct Answer:
C
🗳️
What must be considered before deploying virtual machines?
Correct Answer:
A
🗳️
What are two facts that differentiate optical-fiber cabling from copper cabling? (Choose two.)
Correct Answer:
CE
🗳️
What are two behaviors of a point-to-point WAN topology? (Choose two.)
Correct Answer:
BD
🗳️
What is a link-local all-nodes IPv6 multicast address?
Correct Answer:
A
🗳️
Which is a reason to implement IPv4 private addressing?
Correct Answer:
C
🗳️
Which signal frequency appears 60 times per minute?
Correct Answer:
A
🗳️
What is a function of spine-and-leaf architecture?
Correct Answer:
A
🗳️
What is a function of an endpoint?
Correct Answer:
D
🗳️
What is a function of MAC address learning?
Correct Answer:
C
🗳️
Which IPv6 address range is suitable for anycast addresses for distributed services such as DHCP or DNS?
Correct Answer:
B
🗳️
What is a similarity between OM3 and OM4 fiber optic cable?
Correct Answer:
C
🗳️
Which device segregates a network into separate zones that have their own security policies?
Correct Answer:
D
🗳️
What is the primary purpose of private address space?
Correct Answer:
C
🗳️
What is a characteristic of a collapsed-core network topology?
Correct Answer:
D
🗳️
A technician receives a report of network slowness and the issue has been isolated to the interface FastEthemet0/13. What is the root cause of the issue?
FastEthernet0/13 is up, line protocol is up
Hardware is Fast Ethernet, address is 0001.4d27.66cd (bia 0001.4d27.66cd)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 250/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set -
Auto-duplex (Full) Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 18:52:43, output 00:00:01, output hang never
Last clearing of “show interface” counters never
Queueing strategy: fifo -
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 12000 bits/sec, 6 packets/sec
5 minute output rate 24000 bits/sec, 6 packets/sec
14488019 packets input, 2434163609 bytes
Received 345348 broadcasts, 0 runts, 0 giants, 0 throttles
261028 input errors, 259429 CRC, 1599 frame, 0 overrun, 0 ignored
0 watchdog, 84207 multicast
0 input packets with dribble condition detected
19658279 packets output, 3529106068 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Correct Answer:
C
🗳️
What occurs when overlapping Wi-Fi channels are implemented?
Correct Answer:
A
🗳️

Refer to the exhibit. An administrator received a call from a branch office regarding poor application performance hosted at the headquarters. Ethernet 1 is connected between Router1 and the LAN switch. What identifies the issue?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the cloud-computing components from the left onto the correct descriptions on the right.
Correct Answer:
What is the functionality of the Cisco DNA Center?
Correct Answer:
D
🗳️

Refer to the exhibit. Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using an industry-standard protocol, and to support full IP connectivity between all PCs?
Correct Answer:
C
🗳️
Which functionality is provided by the console connection on a Cisco WLC?
Correct Answer:
C
🗳️

Refer to the exhibit. Host A switch interface is configured in VLAN 2. Host D sends a unicast packet destined for the IP address of host A.
What does the switch do when it receives the frame from host D?
Correct Answer:
A
🗳️

Refer to the exhibit. A Cisco engineer creates a new WLAN called lantest. Which two actions must be performed so that only high-speed 2.4-Ghz clients connect? (Choose two.)
Correct Answer:
AE
🗳️
How does Rapid PVST+ create a fast loop-free network topology?
Correct Answer:
D
🗳️
Which two functions does a WLC perform in the lightweight access-point architecture that an AP performs independently in an autonomous architecture? (Choose two.)
Correct Answer:
AB
🗳️

Refer to the exhibit. A network engineer is configuring a wireless LAN with Web Passthrough Layer 3 Web Policy. Which action must the engineer take to complete the configuration?
Correct Answer:
C
🗳️
A network administrator plans an update to the WI-FI networks in multiple branch offices. Each location is configured with an SSID called “Office”. The administrator wants every user who connects to the SSID at any location to have the same access level. What must be set the same on each network to meet the requirement?
Correct Answer:
C
🗳️

Refer to the exhibit. The P2P Blocking Action option is disabled on the WLC. The security team has a new requirement for each client to retain their assigned IP addressing as the clients move between locations in the campus network. Which action completes this configuration?
Correct Answer:
C
🗳️

Refer to the exhibit. A multivendor network exists and the company is implementing VoIP over the network for the first time. Which configuration is needed to implement the neighbor discovery protocol on the interface and allow it to remain off for the remaining interfaces?
Correct Answer:
B
🗳️

Refer to the exhibit. Routers R1, R2, and R3 use a protocol to identify the neighbors’ IP addresses, hardware platforms, and software versions. A network engineer must configure R2 to avoid sharing any neighbor information with R3, and maintain its relationship with R1. What action meets this requirement?
Correct Answer:
D
🗳️
SIP-based Call Admission Control must be configured in the Cisco WLC GUI. SIP call-snooping ports are configured. Which two actions must be completed next? (Choose two.)
Correct Answer:
BD
🗳️

Refer to the exhibit. A network administrator configures an interface on a new switch so that it connects to interface Gi1/0/1 on switch Cat9300-1. Which configuration must be applied to the new interface?
Correct Answer:
B
🗳️
Which command enables HTTP access to the Cisco WLC?
Correct Answer:
D
🗳️
Which port state processes BPDUs, but does not forward packets or update the address database in Rapid PVST+?
Correct Answer:
A
🗳️
A switch is forwarding a frame out of all interfaces except the interface that received the frame. What is the technical term for this process?
Correct Answer:
C
🗳️

Refer to the exhibit. Rapid PVST+ mode is on the same VLAN on each switch. Which switch becomes the root bridge and why?
Correct Answer:
C
🗳️
Which EtherChannel mode must be configured when using LAG on a WLC?
Correct Answer:
A
🗳️
DRAG DROP
-
Drag and drop the VLAN port modes from the left onto the descriptions on the right.
Correct Answer:
Which switch concept is used to create separate broadcast domains?
Correct Answer:
C
🗳️
How must a switch interface be configured when an AP is in FlexConnect mode?
Correct Answer:
A
🗳️
What are two features of PortFast? (Choose two.)
Correct Answer:
BC
🗳️
What is the root port in STP?
Correct Answer:
D
🗳️
When a switch receives a frame from an unknown source MAC address, which action does the switch take with the frame?
Correct Answer:
C
🗳️
When the LAG configuration is updated on a Cisco WLC, which additional task must be performed when changes are complete?
Correct Answer:
A
🗳️

Refer to the exhibit. An engineer ts building a new Layer 2 LACP EtherChannel between SW1 and SW2, and they executed the given show commands to verify the work. Which additional task must be performed so that the switches successfully bundle the second member in the LACP port-channel?
Correct Answer:
D
🗳️

Refer to the exhibit. VLAN 23 is being implemented between SW1 and SW2. The command show interface ethernet0/0 switchport has been issued on SW1. Ethernet0/0 on SW1 is the uplink to SW2. Which command when entered on the uplink interface allows PC 1 and PC 2 to communicate without impact to the communication between PC 11 and PC 12?
Correct Answer:
A
🗳️
A network engineer starts to implement a new wireless LAN by configuring the authentication server and creating the dynamic interface. What must be performed next to complete the basic configuration?
Correct Answer:
D
🗳️

Refer to the exhibit. An architect is managing a wireless network with APs from several branch offices connecting to the WLC in the data center. There is a new requirement for a single WLAN to process the client data traffic without sending it to the WLC. Which action must be taken to complete the request?
Correct Answer:
B
🗳️
What must be considered for a locally switched FlexConnect AP if the VLANs that are used by the AP and client access are different?
Correct Answer:
C
🗳️
Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatically logged out?
Correct Answer:
D
🗳️
A Cisco engineer at a new branch office is configuring a wireless network with access points that connect to a controller that is based at corporate headquarters. Wireless client traffic must terminate at the branch office and access-point survivability is required in the event of a WAN outage. Which access point mode must be selected?
Correct Answer:
B
🗳️
What is an advantage of using auto mode versus static mode for power allocation when an access point is connected to a PoE switch port?
Correct Answer:
D
🗳️

Refer to the exhibit. Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local database. The WLAN is configured for local EAP authentication. The time that users access the network must not be limited. Which action completes this configuration?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the wireless architecture benefits from the left onto the architecture types on the right.
Correct Answer:
What is a specification for SSIDs?
Correct Answer:
C
🗳️
What is a reason to configure a trunk port that connects to a WLC distribution port?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the WLAN components from the left onto the correct descriptions on the right.
Correct Answer:

Refer to the exhibit. A Cisco WLC administrator is creating a new wireless network with enhanced SSID security. The new network must operate at 2.4 Ghz with 54 Mbps of throughput. Which set of tasks must the administrator perform to complete the configuration?
Correct Answer:
A
🗳️
Which switching feature removes unused MAC addresses from the MAC address table, which allows new MAC addresses to be added?
Correct Answer:
A
🗳️

Refer to the exhibit. A network engineer configures the CCNA WLAN so that clients must reauthenticate hourly and to limit the number of simultaneous connections to the WLAN to 10. Which two actions complete this configuration? (Choose two.)
Correct Answer:
BD
🗳️

Refer to the exhibit. The SW1 and SW2 Gi0/0 ports have been preconfigured. An engineer is given these requirements:
• Allow all PCs to communicate with each other at Layer 3.
• Configure untagged traffic to use VLAN 5.
• Disable VLAN 1 from being used.
Which configuration set meets these requirements?
Correct Answer:
C
🗳️

Refer to the exhibit. How must router A be configured so that it only sends Cisco Discovery Protocol information to router C?
Correct Answer:
A
🗳️

Refer to the exhibit. An administrator must turn off the Cisco Discovery Protocol on the port configured with address last usable address in the 10.0.0.0/30 subnet. Which command set meets the requirement?
Correct Answer:
B
🗳️
Which WLC port connects to a switch to pass normal access-point traffic?
Correct Answer:
D
🗳️
Which default condition must be considered when an encrypted mobility tunnel is used between two Cisco WLCs?
Correct Answer:
D
🗳️

Refer to the exhibit. After a recent internal security audit, the network administrator decided to block all P2P-capable devices from the selected SSID. Which configuration setting must the administrator apply?
Correct Answer:
A
🗳️
What is the primary purpose of a console port on a Cisco WLC?
Correct Answer:
D
🗳️
Which port type does a lightweight AP use to connect to the wired network when it is configured in local mode?
Correct Answer:
A
🗳️
Which step immediately follows receipt of the EAP success message when session resumption is disabled for an EAP-TLS connection?
Correct Answer:
C
🗳️

Refer to the exhibit. All interfaces are in the same VLAN. All switches are configured with the default STP priorities. During the STP elections, which switch becomes the root bridge?
Correct Answer:
D
🗳️
What are two port types used by a Cisco WLC for out-of-band management? (Choose two.)
Correct Answer:
AB
🗳️
What is a reason to implement LAG on a Cisco WLC?
Correct Answer:
A
🗳️
A wireless access point is needed and must meet these requirements:
• “zero-touch” deployed and managed by a WLC
• process only real-time MAC functionality
• used in a split-MAC architecture
Which access point type must be used?
Correct Answer:
C
🗳️
Which interface is used for out-of-band management on a WLC?
Correct Answer:
D
🗳️

Refer to the exhibit. How does SW2 interact with other switches in this VTP domain?
Correct Answer:
D
🗳️
A network engineer is upgrading a small data center to host several new applications, including server backups that are expected to account for up to 90% of the bandwidth during peak times. The data center connects to the MPLS network provider via a primary circuit and a secondary circuit. How does the engineer inexpensively update the data center to avoid saturation of the primary circuit by traffic associated with the backups?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer started to configure two directly-connected routers as shown. Which command sequence must the engineer configure on R2 so that the two routers become OSPF neighbors?
Correct Answer:
D
🗳️

Refer to the exhibit. What does route 10.0.1.3/32 represent in the routing table?
Correct Answer:
B
🗳️

Refer to the exhibit. Router R14 is in the process of being configured. Which configuration must be used to establish a host route to a PC 10?
Correct Answer:
D
🗳️

Refer to the exhibit. Which next-hop IP address has the least desirable metric when sourced from R1?
Correct Answer:
B
🗳️

Refer to the exhibit. The New York router must be configured so that traffic to 2000::1 is sent primarily via the Atlanta site, with a secondary path via Washington that has an administrative distance of 2. Which two commands must be configured on the New York router? (Choose two.)
Correct Answer:
AE
🗳️

Refer to the exhibit. The primary route across Gi0/0 is configured on both routers. A secondary route must be configured to establish connectivity between the workstation networks. Which command set must be configured to complete this task?
Correct Answer:
C
🗳️
DRAG DROP
-
Refer to the exhibit. Drag and drop the destination IPs from the left pnto the paths to reach those destinations on the right.
Correct Answer:

Refer to the exhibit. Which two values does router R1 use to determine the best path to reach destinations in network 1.0.0.0/8? (Choose two.)
Correct Answer:
BC
🗳️

Refer to the exhibit. A public IPv6 address must be configured for internet access. Which command must be configured on the R2 WAN interface to the service provider?
Correct Answer:
C
🗳️
DRAG DROP
-
Refer to the exhibit. Drag and drop the subnet masks from the left onto the corresponding subnets on the right. Not all subnet masks are used.
Correct Answer:

Refer to the exhibit. A network engineer must configure router R1 with a host route to the server. Which command must the engineer configure?
Correct Answer:
A
🗳️

Refer to the exhibit. IPv6 is being implemented within the enterprise. The command ipv6 unicast-routing is configured. Interface Gig0/0 on R1 must be configured to provide a dynamic assignment using the assigned IPv6 block. Which command accomplishes this task?
Correct Answer:
C
🗳️

Refer to the exhibit. With which metric does router R1 learn the route to host 172.16.0.202?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer must configure the link with these requirements:
• Consume as few IP addresses as possible.
• Leave at least two additional useable IP addresses for future growth.
Which set of configurations must be applied?
Correct Answer:
A
🗳️
DRAG DROP
-
Drag and drop the device behaviors from the left onto the matching HSRP state on the right.
Correct Answer:

Refer to the exhibit. A static route must be configured on R86 to forward traffic for the 172.16.34.0/29 network, which resides on R14. Which command must be used to fulfill the request?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer must configure a floating static route on an external EIGRP network. The destination subnet is the /29 on the LAN interface of R86. Which command must be executed on R14?
Correct Answer:
C
🗳️

Refer to the exhibit. What is the next-hop IP address for R2 so that PC2 reaches the application server via EIGRP?
Correct Answer:
B
🗳️

Refer to the exhibit. An IPv6 address must be obtained automatically on the LAN interface on R1. Which command must be implemented to accomplish the task?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer is updating the configuration on router R1 to connect a new branch office to the company network. R2 has been configured correctly. Which command must the engineer configure so that devices at the new site communicate with the main office?
Correct Answer:
B
🗳️
A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is 10.54.73.1/32, and the engineer configures IPv6 address 0:0:0:0:0:ffff:a36:4901, which prefix length must be used?
Correct Answer:
B
🗳️
A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become fully adjacent. Which command must be issued under the interface configuration on each router to reduce the time required for the adjacency to reach the FULL state?
Correct Answer:
D
🗳️

Refer to the exhibit. PC A is communicating with another device at IP address 10.227.225.255. Through which router does router Y route the traffic?
Correct Answer:
A
🗳️

Refer to the exhibit. A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the destination route?
Correct Answer:
B
🗳️

Refer to the exhibit. Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?
Correct Answer:
C
🗳️
What is the benefit of using FHRP?
Correct Answer:
C
🗳️
Why is a first-hop redundancy protocol implemented?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer executes the show ip route command on router D. What is the next hop to network 192.168.1.0/24 and why?
Correct Answer:
D
🗳️
What is a similarity between global and unique local IPv6 addresses?
Correct Answer:
A
🗳️
An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which command must be issued on the router interface?
Correct Answer:
A
🗳️

Refer to the exhibit. A packet that is sourced from 172.16.3.254 is destined for the IP address of GigabitEthernet0/0/0. What is the subnet mask of the destination route?
Correct Answer:
C
🗳️

Refer to the exhibit. The iPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be used?
Correct Answer:
B
🗳️

Refer to the exhibit. According to the output, which parameter set is validated using the routing table of R7?
Correct Answer:
B
🗳️
Which type of IPv4 address type helps to conserve the globally unique address classes?
Correct Answer:
C
🗳️
What are two purposes of HSRP? (Choose two.)
Correct Answer:
BC
🗳️
What are two benefits for using private IPv4 addressing? (Choose two.)
Correct Answer:
BC
🗳️
DRAG DROP
-
Refer to the exhibit. OSPF is running between site A and site B. Drag and drop the destination IPs from the left onto the network segments used to reach the destination on the right.
Correct Answer:

Refer to the exhibit. Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1 with a floating static route to service as a backup route to network 192.168.23. which command must the engineer configure on R1?
Correct Answer:
C
🗳️
When deploying a new network that includes both Cisco and third-party network devices, which redundancy protocol avoids the interruption of network traffic if the default gateway router fails?
Correct Answer:
A
🗳️
What are two benefits of private IPv4 addressing? (Choose two.)
Correct Answer:
CD
🗳️
Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail?
Correct Answer:
C
🗳️

Refer to the exhibit. Which entry is the longest prefix match for host IP address 192.168.10.5?
Correct Answer:
B
🗳️

Refer to the exhibit. How does router R1 handle traffic to 172.16.1.4 /30 subnet?
Correct Answer:
D
🗳️
Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two.)
Correct Answer:
CD
🗳️
DRAG DROP
-
Refer to the exhibit. Drag and drop the learned prefixes from the left onto the subnet masks on the right.
Correct Answer:

Refer to the exhibit. Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?
Correct Answer:
D
🗳️
DRAG DROP
-
Refer to the exhibit. The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative Distance is used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses on the right.
Correct Answer:
An engineer must configure a core router with a floating static default route to the backup router at 10.200.0.2. Which command meets the requirements?
Correct Answer:
B
🗳️

Refer to the exhibit. After configuring a new static route on the CPE, the engineer entered this series of commands to verify that the new configuration is operating normally. When is the static default route installed into the routing table?
Correct Answer:
C
🗳️

Refer to the exhibit. Packets are flowing from 192.168.10.1 to the destination at IP address 192.168.20.75. Which next hop will the router select for the packet?
Correct Answer:
B
🗳️
A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When the show ip route command is executed, which output does it return?
Correct Answer:
A
🗳️

Refer to the exhibit. User traffic originating within site B is failing to reach an application hosted on IP address 192.168.0.10, which is located within site A. What is determined by the routing table?
Correct Answer:
D
🗳️

Refer to the exhibit. Which two values does router R1 use to identify valid routes for the R3 loopback address 1.1.1.3/32? (Choose two.)
Correct Answer:
CE
🗳️
What is the role of community strings in SNMP operations?
Correct Answer:
D
🗳️
Which syslog severity level is considered the most severe and results in the system being considered unusable?
Correct Answer:
B
🗳️
The clients and DHCP server reside on different subnets. Which command must be used to forward requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP server at 192.168.10.1?
Correct Answer:
D
🗳️

Refer to the exhibit. Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while using 209.165.202.129 for Port Address Translation?
Correct Answer:
A
🗳️
Which IP header field is changed by a Cisco device when QoS marking is enabled?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the SNMP components from the left onto the descriptions on the right.
Correct Answer:
Which DSCP per-hop forwarding behavior is divided into subclasses based on drop probability?
Correct Answer:
A
🗳️
What are two features of the DHCP relay agent? (Choose two.)
Correct Answer:
AB
🗳️
A DHCP pool has been created with the name CONTROL. The pool uses the next to last usable IP address as the default gateway for the DHCP clients. The server is located at 172.16.32.15. What is the next step in the process for clients on the 192.168.52.0/24 subnet to reach the DHCP server?
Correct Answer:
B
🗳️
Which two transport layer protocols carry syslog messages? (Choose two.)
Correct Answer:
CD
🗳️
What is the purpose of classifying network traffic in QoS?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the Qos features from the left onto the corresponding statements on the right.
Correct Answer:

Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R3?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right.
Correct Answer:
Which two features introduced in SNMPv2 provide the ability to retrieve large amounts of data in one request and acknowledge a trap using PDUs? (Choose two.)
Correct Answer:
DE
🗳️
DRAG DROP
-
Drag and drop the DNS commands from the left onto their effects on the right.
Correct Answer:
What is the purpose of configuring different levels of syslog for different devices on the network?
Correct Answer:
A
🗳️

Refer to the exhibit. The DHCP server is configured with a DHCP pool for each of the subnets represented. Which command must be configured on switch SW1 to allow DHCP clients on VLAN 10 to receive dynamic IP addresses from the DHCP server?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the DNS lookup commands from the left onto the functions on the right.
Correct Answer:
Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?
Correct Answer:
A
🗳️
hostname CPE
service password-encryption
ip domain name ccna.cisco.com
ip name-server 198.51.100.210
crypto key generate rsa modulus 1024
username admin privilege 15 secret s0m3s3cr3t
line vty 0 4
transport input ssh
login local
Refer to the exhibit. An engineer executed the script and added commands that were not necessary for SSH and now must remove the commands. Which two commands must be executed to correct the configuration? (Choose two.)
Correct Answer:
AB
🗳️
Which two actions are taken as the result of traffic policing? (Choose two.)
Correct Answer:
AE
🗳️
Which two server types support domain name to IP address resolution? (Choose two.)
Correct Answer:
BD
🗳️
What is a purpose of traffic shaping?
Correct Answer:
D
🗳️
An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer configure to achieve the desired result?
Correct Answer:
D
🗳️
DRAG DROP
-
Drag and drop the attack-mitigation techniques from the left onto the types of attack that they mitigate on the right.
Correct Answer:
Which WLC management connection type is vulnerable to man-in-the-middle attacks?
Correct Answer:
B
🗳️

Refer to the exhibit. An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to global configuration mode via Telnet using a local username and password?
Correct Answer:
B
🗳️
Which type of encryption does WPA1 use for data protection?
Correct Answer:
C
🗳️

Refer to the exhibit. A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is the effect of the configuration as the administrator applies the command?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the statements about AAA services from the left to the corresponding AAA services on the right. Not all options are used.
Correct Answer:
A network engineer must configure an access list on a new Cisco IOS router. The access list must deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which configuration must the engineer apply?
Correct Answer:
B
🗳️
What is the definition of backdoor malware?
Correct Answer:
C
🗳️
What does WPA3 provide in wireless networking?
Correct Answer:
B
🗳️
Which global command encrypts all passwords in the running configuration?
Correct Answer:
A
🗳️

Refer to the exhibit. A network administrator is configuring a router for user access via SSH. The service-password encryption command has been issued. The configuration must meet these requirements:
• Create the username as CCUser.
• Create the password as NA!2$cc.
• Encrypt the user password.
What must be configured to meet the requirements?
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer started to configure port security on a new switch. These requirements must be met:
• MAC addresses must be learned dynamically.
• Log messages must be generated without disabling the interface when unwanted traffic is seen.
Which two commands must be configured to complete this task? (Choose two.)
Correct Answer:
BC
🗳️
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?
Correct Answer:
C
🗳️
What are two protocols within the IPsec suite? (Choose two.)
Correct Answer:
CE
🗳️

Refer to the exhibit. Local access for R4 must be established and these requirements must be met:
• Only Telnet access is allowed.
• The enable password must be stored securely.
• The enable password must be applied in plain text.
• Full access to R4 must be permitted upon successful login.
Which configuration script meets the requirements?
Correct Answer:
A
🗳️
What is a characteristic of RSA?
Correct Answer:
D
🗳️
What are two differences between WPA2 and WPA3 wireless security? (Choose two.)
Correct Answer:
CD
🗳️
What is an enhancement implemented in WPA3?
Correct Answer:
D
🗳️
Which action must be taken when password protection is implemented?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the statements about AAA from the left onto the corresponding AAA services on the right. Not all options are used.
Correct Answer:
An engineer must configure R1 for a new user account. The account must meet these requirements:
• It must be configured in the local database.
• The username is engineer2.
• It must use the strongest password configurable.
Which command must the engineer configure on the router?
Correct Answer:
C
🗳️
Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)
Correct Answer:
AB
🗳️
DRAG DROP
-
Drag and drop the statements about AAA services from the left onto the corresponding AAA services on the right. Not all options are used.
Correct Answer:
What is a characteristic of RSA?
Correct Answer:
B
🗳️
What is used as a solution for protecting an individual network endpoint from attack?
Correct Answer:
A
🗳️
Which security method is used to prevent man-in-the-middle attacks?
Correct Answer:
B
🗳️
Which cipher is supported for wireless encryption only with the WPA2 standard?
Correct Answer:
B
🗳️

Refer to the exhibit. This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to add TCP access to the ONS service. Which configuration updates the ACL efficiently?
Correct Answer:
D
🗳️
Which WPA mode uses PSK authenticaton?
Correct Answer:
B
🗳️
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?
Correct Answer:
A
🗳️
To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of a security program is being deployed?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the characteristics of northbound APIs from the left onto any position on the right. Not all characteristics are used.
Correct Answer:
Which benefit does Cisco DNA Center provide over traditional campus management?
Correct Answer:
C
🗳️
How does Chef configuration management enforce a required device configuration?
Correct Answer:
D
🗳️
What is the PUT method within HTTP?
Correct Answer:
A
🗳️
Which advantage does the network assurance capability of Cisco DNA Center provide over traditional campus management?
Correct Answer:
A
🗳️

Refer to the exhibit. In which structure does the word “warning” directly reside?
Correct Answer:
B
🗳️
What is the purpose of a southbound API in a controller-based networking architecture?
Correct Answer:
D
🗳️
DRAG DROP
-
Drag and drop the statements about device management from the left onto the corresponding types on the right.
Correct Answer:
Which two northbound APIs are found in a software-defined network? (Choose two.)
Correct Answer:
AD
🗳️
Which function generally performed by a traditional network device is replaced by a software-defined controller?
Correct Answer:
D
🗳️
What describes a northbound REST API for SDN?
Correct Answer:
C
🗳️
When is the PUT method used within HTTP?
Correct Answer:
B
🗳️
Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two.)
Correct Answer:
CD
🗳️
What is the advantage of separating the control plane from the data plane within an SDN network?
Correct Answer:
D
🗳️

Refer to the exhibit. What is missing from this output for it to be executed?
Correct Answer:
D
🗳️
What is a function of a northbound API in an SDN environment?
Correct Answer:
D
🗳️
What is an Ansible inventory?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the Ansible features from the left to the right. Not all features are used.
Correct Answer:
What is a function of a northbound API?
Correct Answer:
A
🗳️

Refer to the exhibit. What does apple represent within the JSON data?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the use cases of device-management technologies from the left onto the corresponding types on the right.
Correct Answer:
Under the CRUD model, which two HTTP methods support the UPDATE operation? (Choose two.)
Correct Answer:
AE
🗳️
A network architect is considering whether to implement Cisco DNA Center to deploy devices on a new network. The organization is focused on reducing the time it currently takes to deploy devices in a traditional campus design. For which reason would Cisco DNA Center be more appropriate than traditional management options?
Correct Answer:
A
🗳️
DRAG DROP
-
Drag and drop the statements about device management from the left onto the corresponding device-management types on the right.
Correct Answer:
In a cloud-computing environment, what is rapid elasticity?
Correct Answer:
B
🗳️
Which interface enables communication between a program on the controller and a program on the networking device?
Correct Answer:
D
🗳️

Refer to the exhibit. How many arrays are present in the JSON data?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the configuration management terms from the left onto the descriptions on the right. Not all terms are used.
Correct Answer:
Which interface type enables an application running on a client to send data over an IP network to a server?
Correct Answer:
B
🗳️
Which QoS feature drops traffic that exceeds the committed access rate?
Correct Answer:
A
🗳️
What does traffic shaping do?
Correct Answer:
A
🗳️

Refer to the exhibit. A Cisco engineer is asked to update the configuration on switch 1 so that the EtherChannel stays up when one of the links fails. Which configuration meets this requirement?
Correct Answer:
B
🗳️
Which two protocols are supported on service-port interfaces? (Choose two.)
Correct Answer:
AD
🗳️
What is the benefit of using private IPv4 addressing?
Correct Answer:
B
🗳️
Two switches have been implemented and all interfaces are at the default configuration level. A trunk link must be implemented between two switches with these requirements:
• using an industry-standard trunking protocol
• permitting VLANs 1-10 and denying other VLANs
How must the interconnecting ports be configured?
Correct Answer:
C
🗳️

Refer to the exhibit. Traffic that is flowing over interface TenGigabitEthemet0/0/0 experiences slow transfer speeds. What is the cause of this issue?
Correct Answer:
C
🗳️
Which two host addresses are reserved for private use within an enterprise network? (Choose two.)
Correct Answer:
AC
🗳️

Refer to the exhibit. The iPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be used?
Correct Answer:
A
🗳️
What are two reasons to configure PortFast on a switch port attached to an end host? (Choose two.)
Correct Answer:
BD
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window
• All necessary preconfigurations have been applied
• Do not change the enable password or hostname for any device
• Save your configurations to NVRAM before moving to the next item
• Click Next at the bottom of the screen to submit this lab and move to the next question
• When Next is clicked the lab closes and cannot be reopened
Topology
-
Tasks
-
Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured.
1. Configure an LACP EtherChannel and number it as 44; configure it between switches SW1 and SW2 using interfaces Ethemet0/0 and Ethernet0/1 on both sides. The LACP mode must match on both ends.
2. Configure the EtherChannel as a trunk link.
3. Configure the trunk link with 802.1q tags.
4. Configure VLAN 'MONITORING' as the untagged VLAN of the EtherChannel.
Correct Answer:
A network administrator wants the syslog server to filter incoming messages into different files based on their importance. Which filtering criteria must be used?
Correct Answer:
B
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window
• All necessary preconfigurations have been applied
• Do not change the enable password or hostname for any device
• Save your configurations to NVRAM before moving to the next item
• Click Next at the bottom of the screen to submit this lab and move to the next question
• When Next is clicked, the lab closes and cannot be reopened
Topology
-
Tasks
-
Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.
1. Configure static routing using host routes to establish connectivity from router R3 to the router R1 Loopback address using the source IP of 209.165.200.230.
2. Configure an IPv4 default route on router R2 destined for router R4.
3. Configure an IPv6 default router on router R2 destined for router R4.
Correct Answer:
Which interface or port on the WLC is the default for in-band device administration and communications between the controller and access points?
Correct Answer:
B
🗳️

Refer to the exhibit. A network administrator configures the CPE to provide internet access to the company headquarters. Traffic must be load-balanced via ISP1 and ISP2 to ensure redundancy.
Which two command sets must be configured on the CPE router? (Choose two.)
Correct Answer:
C
🗳️

Refer to the exhibit. A network engineer updates the existing configuration on interface fastethernet1/1 switch SW1. It must establish an EtherChannel by using the same group designation with another vendor switch. Which configuration must be performed to complete the process?
Correct Answer:
A
🗳️
Which two characteristics are representative of virtual machines (VMs)? (Choose two.)
Correct Answer:
AE
🗳️
What is the recommended switch load-balancing mode for Cisco WLCs?
Correct Answer:
A
🗳️
What must be considered when using 802.11a?
Correct Answer:
D
🗳️

Refer to the exhibit. An engineer configures interface fa0/1 on SW1 and SW2 to pass traffic from two different VLANs. For security reasons, company policy requires the native VLAN to be set to a nondefault value. Which configuration meets this requirement?
Correct Answer:
A
🗳️

Refer to the exhibit A new VLAN and switch are added to the network. A remote engineer configures OldSwitch and must ensure that the configuration meets these requirements:
• accommodates current configured VLANs
• expands the range to include VLAN 20
• allows for IEEE standard support for virtual LANs
Which configuration on the NewSwitch side of the link meets these requirements?
Correct Answer:
D
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices.
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.
Topology
-
Tasks
-
Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation. Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.
1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named PUBNET. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.
2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on May 1, 2018.
3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single command, exclude addresses 1 - 10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.
4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console.
Correct Answer:

Refer to the exhibit. A network engineer is adding another physical interface as a new member to the existing Port-Channel1 bundle. Which command set must be configured on the new interface to complete the process?
Correct Answer:
A
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices.
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.
Topology
-
Tasks
-
All physical cabling between the two switches is installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.
1. Configure VLAN 12 named Compute and VLAN 34 named Telephony where required for each task.
2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.
3. Configure the connection between the switches using access ports.
4. Configure Ethernet0/1 on SW1 using data and voice VLANs.
5. Configure Ethernet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is turned off for the designated interface only.
Correct Answer:

Refer to the exhibit. What is occurring on this switch?
Correct Answer:
A
🗳️

Refer to the exhibit SW_1 and SW_12 represent two companies that are merging. They use separate network vendors. The VLANs on both sides have been migrated to share IP subnets. Which command sequence must be issued on both sides to join the two companies and pass all VLANs between the companies?
Correct Answer:
C
🗳️
An engineer is configuring a switch port that is connected to a VoIP handset. Which command must the engineer configure to enable port security with a manually assigned MAC address of abcd.abcd.abcd on voice VLAN 4?
Correct Answer:
C
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.
Topology
-
Tasks
-
Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.180.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:acca::/48 subnet.
1. Using Ethernet0/1 on routers R1 and R2, configure the next usable /28 from the 192.168.180.0/24 range. The network 192.168.180.0/28 is unavailable.
2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.
3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.
4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.
5. A ping must work between the routers on the IPv4 and IPv6 address ranges.
Correct Answer:
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.
Topology
-
Tasks
-
Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted across any links between switches for security purposes. Do not modify or delete VTP configurations.
The network needs two user-defined VLANs configured:
VLAN 202: MARKETING
-
VLAN 303: FINANCE
-
1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.
2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted.
3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted.

Correct Answer:
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.
Topology
-
Tasks
-
Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL (NACL), and security.
Task 1
-
Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the following information:
• Username: support
• Password: max2learn
• Privilege level: Exec mode
Task 2
-
Configure and apply a single NACL on Sw101 using the following:
• Name: ENT_ACL
• Restrict only PC2 on VLAN 200 from pinging PC1
• Allow only PC2 on VLAN 200 to telnet to Sw101
• Prevent all other devices from telnetting from VLAN 200
• Allow all other network traffic from VLAN 200
Task 3
-
Configure security on interface Ethernet 0/0 of Sw102:
• Set the maximum number of secure MAC addresses to four.
• Drop packets with unknown source addresses until the number of secure MAC addresses drops below the configured maximum value. No notification action is required.
• Allow secure MAC addresses to be learned dynamically.


Correct Answer:
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices:
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.
Topology
-
Tasks
-
Refer to the topology. All physical cabling is in place. Configure local users accounts, modify the Named ACL (NACL), and configure DHCP Snooping. The current contents of the NACL must remain intact.
Task 1
-
Configure a local account on Gw1 with telnet access only on virtual ports 0-4. Use the following information:
• Username: wheel
• Password: lock3path
• Algorithm type: Scrypt
• Privilege level: Exec mode
Task 2
-
Configure and apply a NACL on Gw1 to control network traffic from VLAN 10:
• Name: CORP_ACL
• Allow BOOTP and HTTPS
• Restrict all other traffic and log the ingress interface, source MAC address, the packet’s source and destination IP addresses, and ports
Task 3
-
Configure Sw1:
• Enable DNCP Snooping for VLAN 10
• Disable DHCP Option-82 data insertion
• Enable DHCP Snooping MAC address verification
• Enable trusted interfaces
Correct Answer:
What is represented by the word "LB20" within this JSON schema?
Correct Answer:
A
🗳️
What is represented beginning with line 1 and ending with line 5 within this JSON schema?
Correct Answer:
D
🗳️
What is represented by the word "IDS" within this JSON schema?
Correct Answer:
D
🗳️
What is represented in line 4 within this JSON schema?
Correct Answer:
A
🗳️
What is represented by the word "port" within this JSON schema?
Correct Answer:
A
🗳️
What provides connection redundancy, increased bandwidth, and load sharing between a wireless LAN controller and a Layer 2 switch?
Correct Answer:
D
🗳️
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer:
Which interface is used to send traffic to the destination network?
Correct Answer:
C
🗳️
What is the purpose of an SSID?
Correct Answer:
D
🗳️
Which two types of attack are categorized as social engineering? (Choose two.)
Correct Answer:
DE
🗳️
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.
Topology
-
Tasks
-
IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1:
1. Configure reachability to the switch SW1 LAN subnet in router R2.
2. Configure default reachability to the Internet subnet in router R1.
3. Configure a single static route in router R2 to reach to the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed in router R2.
4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must be through Ethernet0/1, and the backup link must be through Ethernet0/2 using a floating route. Use the minimal administrative distance value when required.
Correct Answer:
What describes the functionality of southbound APIs?
Correct Answer:
A
🗳️

Refer to the exhibit. A network engineer is verifying the settings on a new OSPF network. All OSPF configurations use the default values unless otherwise indicated. Which router does the engineer expect will be elected as the DR when all devices boot up simultaneously?
Correct Answer:
D
🗳️
Which command must be entered so that the default gateway is automatically distributed when DHCP is configured on a router?
Correct Answer:
B
🗳️
What are two functions of a firewall within an enterprise? (Choose two.)
Correct Answer:
BC
🗳️
What is the maximum number of concurrent Telnet sessions that a Cisco WLC supports?
Correct Answer:
B
🗳️
Which 802.11 management frame type is sent when a client roams between access points on the same SSID?
Correct Answer:
A
🗳️
What is a functionality of the control plane in the network?
Correct Answer:
C
🗳️

Refer to the exhibit. All switches are configured with the default STP priorities. During the STP elections, which switch becomes the root bridge if all interfaces are in the same VLAN?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
What is represented by the word "VPN11" within this JSON schema?
Correct Answer:
D
🗳️
Which port type supports the spanning-tree portfast command without additional configuration?
Correct Answer:
D
🗳️
What is represented by the word "R29" within this JSON schema?
Correct Answer:
D
🗳️
What is represented in line 2 within this JSON schema?
Correct Answer:
A
🗳️
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
What is a characteristic of private IPv4 addressing?
Correct Answer:
A
🗳️
Which interface condition is occurring in this output?
Correct Answer:
C
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
D
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
C
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
B
🗳️
Which interface condition is occurring in this output?
Correct Answer:
D
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
B
🗳️
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Correct Answer:
What is a characteristic of an SSID in wireless networks?
Correct Answer:
D
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
B
🗳️
What is a characteristic of encryption in wireless networks?
Correct Answer:
D
🗳️
What is a characteristic of private IPv4 addressing?
Correct Answer:
D
🗳️
What is a characteristic of an SSID in wireless networks?
Correct Answer:
C
🗳️
What is a characteristic of encryption in wireless networks?
Correct Answer:
D
🗳️
What is a characteristic of an SSID in wireless networks?
Correct Answer:
C
🗳️

Refer to the exhibit. SW2 is replaced because of a hardware failure. A network engineer starts to configure SW2 by copying the fa0/1 interface configuration from SW1. Which command must be configured on the fa0/1 interface of SW2 to enable PC1 to connect to PC2?
Correct Answer:
A
🗳️
DRAG DROP
-
Drag and drop the DHCP snooping terms from the left onto the descriptions on the right.
Correct Answer:
What is a characteristic of private IPv4 addressing?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Correct Answer:
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
How does MAC learning function on a switch?
Correct Answer:
C
🗳️
Which interface condition is occurring in this output?
Correct Answer:
C
🗳️
What is a characteristic of an SSID in wireless networks?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer:

Refer to the exhibit. Which switch becomes the root bridge?
Correct Answer:
D
🗳️
Which interface is used to send traffic to the destination network?
Correct Answer:
B
🗳️
What is represented by the word "fe5/42" within this JSON schema?
Correct Answer:
C
🗳️

Refer to the exhibit. Which switch becomes the root bridge?
Correct Answer:
C
🗳️

Refer to the exhibit. A newly configured PC fails to connect to the internet by using TCP port 80 to www.cisco.com. Which setting must be modified for the connection to work?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the characteristic from the left onto the cable type on the right.
Correct Answer:
How does frame switching function on a switch?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Correct Answer:
What is a characteristic of an SSID in wireless networks?
Correct Answer:
D
🗳️
What is represented by the word "port" within this JSON schema?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the statements about AAA services from the left to the corresponding AAA services on the right. Not all options are used.
Correct Answer:
Which interface condition is occurring in this output?
Correct Answer:
C
🗳️
DRAG DROP
-
Drag and drop the IPv6 address from the left onto the type on the right.
Correct Answer: